{"id":478428,"date":"2023-08-09T09:32:44","date_gmt":"2023-08-09T09:32:44","guid":{"rendered":""},"modified":"2023-09-05T11:16:46","modified_gmt":"2023-09-05T11:16:46","slug":"php-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/php-injection\/","title":{"rendered":"PHP Injection"},"content":{"rendered":"<p>PHP injection, also known as PHP code injection or PHP remote code execution, is a security vulnerability affecting web applications built with the PHP (Hypertext Preprocessor) programming language. It allows malicious actors to insert and execute arbitrary PHP code on the target server, which can lead to unauthorized access, data theft, and complete compromise of the application.<\/p>\n<h2>The history of the origin of PHP injection and its first mention.<\/h2>\n<p>The concept of PHP injection emerged in the early 2000s, when PHP became a widely used server-side scripting language for web development. The first notable mention of PHP injection came around 2002, when security researchers discovered a vulnerability in PHP-Nuke, a popular content management system at the time. 
This incident raised awareness of the potential risks of PHP code injection and sparked discussion within the web development community.<\/p>\n<h2>Detailed information about PHP injection. Expanding the topic of PHP injection.<\/h2>\n<p>PHP injection occurs when user input is mishandled within a PHP application. If a web application does not properly validate or sanitize user-supplied data, an attacker can craft malicious input that is executed as PHP code on the server. 
The main causes of PHP injection are as follows.<\/p>\n<ol>\n<li>\n<p><strong>Mishandling of user input:<\/strong> Failing to validate and sanitize user input such as form data, URL parameters, and cookies can give attackers an opening to inject malicious PHP code.<\/p>\n<\/li>\n<li>\n<p><strong>Database queries:<\/strong> Improper use of database queries, especially dynamic queries built by concatenating user input into SQL statements, can lead to SQL injection vulnerabilities, which in turn can result in PHP injection.<\/p>\n<\/li>\n<li>\n<p><strong>File inclusion vulnerabilities:<\/strong> If a PHP application includes files based on user-supplied input without proper validation, an attacker can use this to include malicious PHP files and execute arbitrary code.<\/p>\n<\/li>\n<\/ol>\n<h2>The internal structure of PHP injection. 
How PHP injection works.<\/h2>\n<p>PHP injection exploits the dynamic nature of PHP, which allows code to be executed at runtime. The PHP injection process can be broken down into the following steps.<\/p>\n<ol>\n<li>\n<p><strong>User input:<\/strong><\/p>\n<ul>\n<li>The attacker identifies a point in the web application where user input is processed without proper validation.<\/li>\n<li>Common entry points include web forms, URL parameters, HTTP headers, and cookies.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Malicious payload:<\/strong><\/p>\n<ul>\n<li>The attacker crafts a malicious payload containing the PHP code they want to execute on the server.<\/li>\n<li>The payload may be encoded or obfuscated to evade detection.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Code execution:<\/strong><\/p>\n<ul>\n<li>The crafted payload is injected into the vulnerable entry point.<\/li>\n<li>The server treats the injected code as legitimate PHP code and executes it at runtime.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Analysis of the key features of PHP injection.<\/h2>\n<p>PHP injection has several key features 
that make it a serious threat to web applications.<\/p>\n<ol>\n<li>\n<p><strong>Remote code execution:<\/strong> PHP injection lets an attacker execute arbitrary PHP code remotely and take control of the application server.<\/p>\n<\/li>\n<li>\n<p><strong>Data manipulation:<\/strong> An attacker can manipulate, read, or delete data stored in the application's database, potentially resulting in a data breach or loss of sensitive information.<\/p>\n<\/li>\n<li>\n<p><strong>Application compromise:<\/strong> A successful PHP injection can fully compromise the application, allowing the attacker to gain unauthorized access and carry out various malicious activities.<\/p>\n<\/li>\n<li>\n<p><strong>Cross-site scripting (XSS) vector:<\/strong> PHP injection can serve as a vector for cross-site scripting attacks when the injected code is reflected back to other users.<\/p>\n<\/li>\n<\/ol>\n<h2>Types and examples of PHP injection:<\/h2>\n<p>There are several types of PHP injection, 
each with its own characteristics and exploitation methods. The following are some common types.<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<th>Example<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>GET\/POST parameter injection<\/strong><\/td>\n<td>Occurs when malicious PHP code is injected into the application through GET or POST parameters.<\/td>\n<td><code data-no-translation=\"\">http:\/\/example.com\/page.php?id=1' UNION SELECT null, username, password FROM users--<\/code><\/td>\n<\/tr>\n<tr>\n<td><strong>SQL injection-based PHP injection<\/strong><\/td>\n<td>Occurs when a SQL injection vulnerability leads to PHP code injection.<\/td>\n<td><code data-no-translation=\"\">username=admin'; DELETE FROM users;--<\/code><\/td>\n<\/tr>\n<tr>\n<td><strong>Command injection<\/strong><\/td>\n<td>Involves executing arbitrary shell commands on the server through PHP code injection.<\/td>\n<td><code data-no-translation=\"\">system('rm -rf \/');<\/code><\/td>\n<\/tr>\n<tr>\n<td><strong>File inclusion-based PHP injection<\/strong><\/td>\n<td>Involves exploiting file inclusion vulnerabilities to execute PHP code from external files.<\/td>\n<td><code data-no-translation=\"\">http:\/\/example.com\/page.php?file=evil.php<\/code><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ways PHP injection is used, 
the problems that arise from its use, and their solutions.<\/h2>\n<h3>Exploitation of PHP injection:<\/h3>\n<ol>\n<li>\n<p><strong>Authentication bypass:<\/strong> Attackers can inject PHP code to bypass login mechanisms, gaining unauthorized access to restricted areas.<\/p>\n<\/li>\n<li>\n<p><strong>Data theft:<\/strong> Attackers can exploit PHP injection to extract sensitive data from the application or a connected database.<\/p>\n<\/li>\n<li>\n<p><strong>Website defacement:<\/strong> Injected PHP code can modify or deface the website's content or display inappropriate content.<\/p>\n<\/li>\n<\/ol>\n<h3>Problems and solutions:<\/h3>\n<ol>\n<li>\n<p><strong>Insufficient input validation:<\/strong> Implement robust input validation and filtering to prevent unauthorized characters from being processed.<\/p>\n<\/li>\n<li>\n<p><strong>Prepared statements:<\/strong> Use prepared statements or parameterized queries 
to prevent SQL injection, which can lead to PHP injection.<\/p>\n<\/li>\n<li>\n<p><strong>Escaping output:<\/strong> Always escape output before displaying it to users, to prevent XSS and reduce the risk of PHP injection.<\/p>\n<\/li>\n<\/ol>\n<h2>Main characteristics and comparisons with other similar terms, in the form of tables and lists.<\/h2>\n<table>\n<thead>\n<tr>\n<th>Characteristic<\/th>\n<th>PHP injection<\/th>\n<th>Cross-site scripting (XSS)<\/th>\n<th>SQL injection<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Purpose<\/strong><\/td>\n<td>Execute PHP code remotely<\/td>\n<td>Execute client-side scripts in the user's browser<\/td>\n<td>Manipulate SQL queries against the database<\/td>\n<\/tr>\n<tr>\n<td><strong>Affected component<\/strong><\/td>\n<td>Server-side PHP code<\/td>\n<td>Client-side JavaScript<\/td>\n<td>Database queries<\/td>\n<\/tr>\n<tr>\n<td><strong>Execution location<\/strong><\/td>\n<td>Server<\/td>\n<td>User's browser<\/td>\n<td>Server<\/td>\n<\/tr>\n<tr>\n<td><strong>Exploitation point<\/strong><\/td>\n<td>User input (GET\/POST)<\/td>\n<td>User input (e.g., forms)<\/td>\n<td>User input (e.g., forms)<\/td>\n<\/tr>\n<tr>\n<td><strong>Impact<\/strong><\/td>\n<td>Server 
compromise<\/td>\n<td>Exposure of user data<\/td>\n<td>Database manipulation<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future perspectives and technologies related to PHP injection.<\/h2>\n<p>As technology advances, so do the techniques used to exploit vulnerabilities such as PHP injection. To counter these threats, developers and security professionals must remain vigilant and adopt best practices.<\/p>\n<ol>\n<li>\n<p><strong>Automated code analysis:<\/strong> Using automated tools for code analysis can help identify potential vulnerabilities, including PHP injection.<\/p>\n<\/li>\n<li>\n<p><strong>Security audits and penetration testing:<\/strong> Regular security audits and penetration testing can uncover weaknesses in web applications so that proactive measures can be taken.<\/p>\n<\/li>\n<li>\n<p><strong>Secure development frameworks:<\/strong> Using secure development frameworks that incorporate built-in security features can help mitigate PHP injection risks.<\/p>\n<\/li>\n<\/ol>\n<h2>How proxy servers 
can be used with or associated with PHP injection.<\/h2>\n<p>Proxy servers act as intermediaries between clients and servers, giving users an additional layer of anonymity and security. In the context of PHP injection, proxy servers can be both an enabler and a hindrance.<\/p>\n<ol>\n<li>\n<p><strong>Hiding the attacker's identity:<\/strong> Attackers can use proxy servers to hide their real IP address while attempting PHP injection attacks, making their location difficult to trace.<\/p>\n<\/li>\n<li>\n<p><strong>Security and monitoring:<\/strong> Proxy servers can also be used by website administrators to filter and monitor incoming traffic, potentially detecting and blocking PHP injection attempts and thereby strengthening security.<\/p>\n<\/li>\n<\/ol>\n<h2>Related links<\/h2>\n<p>For more information about PHP injection and web application security, explore the following resources.<\/p>\n<ol>\n<li><a href=\"https:\/\/owasp.org\/www-community\/attacks\/PHP_Injection\" target=\"_new\" rel=\"noopener nofollow\">OWASP PHP Security Cheat 
Sheet<\/a><\/li>\n<li><a href=\"https:\/\/www.php.net\/\" target=\"_new\" rel=\"noopener nofollow\">PHP Official Website<\/a><\/li>\n<li><a href=\"https:\/\/www.acunetix.com\/blog\/articles\/understanding-php-injection\/\" target=\"_new\" rel=\"noopener nofollow\">Acunetix \u2013 Understanding PHP Injection<\/a><\/li>\n<li><a href=\"https:\/\/www.w3schools.com\/php\/\" target=\"_new\" rel=\"noopener nofollow\">W3Schools PHP Tutorial<\/a><\/li>\n<li><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/PHP\" target=\"_new\" rel=\"noopener nofollow\">Mozilla Developer Network PHP Guide<\/a><\/li>\n<\/ol>\n<p>Staying informed and implementing secure coding practices is essential to protect web applications from PHP injection and other security threats.<\/p>","protected":false,"featured_media":478429,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478428","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>PHP Injection: A Comprehensive Overview<\/mark>","faq_items":[{"question":"What is PHP injection, and why is it a concern for web applications?","answer":"<p>PHP injection, also known as PHP code injection, is a security vulnerability that allows attackers to insert and execute arbitrary PHP code on a web application's server. 
It poses a serious threat as it can lead to unauthorized access, data theft, and even complete compromise of the application.<\/p>"},{"question":"How did PHP injection originate, and when was it first mentioned?","answer":"<p>PHP injection emerged in the early 2000s with the rise of PHP as a popular server-side scripting language. The first notable mention occurred around 2002 when security researchers discovered a vulnerability in PHP-Nuke, a widely-used content management system.<\/p>"},{"question":"What causes PHP injection, and how does it work internally?","answer":"<p>PHP injection occurs when web applications mishandle user input, especially when it lacks proper validation or sanitization. Attackers inject malicious PHP code through vulnerable entry points, and the server executes it as legitimate PHP code during runtime.<\/p>"},{"question":"What are the main characteristics of PHP injection, and how does it compare to XSS and SQL injection?","answer":"<p>PHP injection allows remote code execution on the server, impacting the application's integrity. In comparison, Cross-Site Scripting (XSS) executes scripts on users' browsers, and SQL injection manipulates database queries to extract data. Each poses unique risks and requires specific prevention measures.<\/p>"},{"question":"What types of PHP injection exist, and can you provide examples?","answer":"<p>Several types of PHP injection include GET\/POST Parameter Injection, SQL Injection-based PHP Injection, Command Injection, and File Inclusion-based PHP Injection. For example, an attacker might exploit a GET parameter to inject malicious SQL code and execute arbitrary commands on the server.<\/p>"},{"question":"How can PHP injection be used, and what are the associated problems and solutions?","answer":"<p>Attackers can use PHP injection to bypass authentication, steal data, and deface websites. 
To prevent PHP injection, developers should implement robust input validation, use prepared statements for database queries, and escape output before displaying it to users.<\/p>"},{"question":"What are the future perspectives and technologies related to PHP injection?","answer":"<p>As technology advances, automated code analysis, security audits, and secure development frameworks will play crucial roles in mitigating PHP injection risks and enhancing web application security.<\/p>"},{"question":"How are proxy servers related to PHP injection, and what role do they play?","answer":"<p>Proxy servers can both facilitate and hinder PHP injection. Attackers might use proxy servers to hide their identities during attacks, while website administrators can employ proxies to filter and monitor incoming traffic, detecting and blocking potential PHP injection attempts.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/478428\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media\/478429"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=478428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}