Post left by [이상락]:
>Hello...
>I have a question about what 산이 posted on phpschool, so I am posting this.
>
>When the action for the event handler runs, the image seems to be output by the
>readfile($img);
>at the very bottom ..
>When I tested it with the image "aa.jpg", the Apache error log showed
>an entry looking for it at /action.php/aa.jpg ...
>What should I do about this ..
>Could you tell me how to debug the Action, along with a brief explanation?
>
>Thank you.
>
The script file configured in the Action directive is not recorded in the Apache access_log.
That is because, literally, the action is performed in the background.
AddHandler chk-image .gif .png .jpg .jpeg .swf
Action chk-image /actimg.php
If you put this not in each VirtualHost section but in the global config instead,
it applies to every virtual host, so be careful.
That is, if it is set in the global config,
virtual_host1_DocumentRoot/actimg.php
virtual_host2_DocumentRoot/actimg.php
Virtual_host3_DocumentRoot/actimg.php
...
each virtual host needs its own actimg.php, like this.
Currently
AddHandler chk-image .gif .png .jpg .jpeg .swf
Action chk-image /action.php
it seems to be configured like this. Is that right?
(Keep action.php and actimg.php apart; they are different names.)
If it is configured this way,
the action script file has to be at DocumentRoot/action.php, but judging from
the error log above it seems to be at DocumentRoot/test/action.php.
If, just as a test, you want to place the action script at /test/action.php, then
AddHandler chk-image .gif .png .jpg .jpeg .swf
Action chk-image /test/action.php
is how you need to configure it.
Another thing to note about this setting is that
if it is set in the global config, it applies not only to DocumentRoot/test but also to
DocumentRoot/
DocumentRoot/foo/
DocumentRoot/bar/
DocumentRoot/foo/bar/
...
and so on, all of them, and to every virtual host as well.
So when you set the Action directive, you have to separate the scope it applies to
and the virtual host.
As a test, configure it as follows and try debugging.
...
<VirtualHost ...>
...
DocumentRoot /home/user1/public_html
...
<Location /test>
AddHandler chk-image .gif .png .jpg .jpeg .swf
Action chk-image /test/actimg.php
</Location>
</VirtualHost>
Configure it like this and restart Apache.
Create the actimg.php file at
/home/user1/public_html/test/actimg.php
(not action.php).
Then simply create
-- /home/user1/public_html/test/testimg.html -------------
<HTML>
...
...
<H3>Image action test</H3>
<IMG SRC='foo.gif' BORDER=1>
</HTML>
----------------------------------------------------------
Create it like this and open the HTML file above in a web browser.
Of course, the file /home/user1/public_html/test/foo.gif has to exist.
To debug, compare what the browser shows when you remove the readfile($img); part
from actimg.php versus when you keep it.
>
>
>//--- Attachment //---
>
>[Tue Sep 23 18:59:02 2003] [error] [client 218.39.201.56] File does not exist: /usr/local/httpd/htdocs/test/actimg.php/aa/a.jpg, referer: http://61.100.5.66/test.php
>
>
>
>AddHandler chk-image .gif .png .jpg .jpeg .swf
>Action chk-image /actimg.php
>
>Configure it like this,
>
>and in the DocumentRoot/actimg.php file, check in a way similar to the following and
>send the image to the client.
>
><?php
>## get file extension (tail)
>##
>function get_ftail($file)
>{
>    $tail = substr(strrchr($file, '.'), 1);
>    return strtolower($tail);
>}
>
>## map the extension to a MIME type; unknown extensions get a generic default
>function get_stype($ftail)
>{
>    $stype = array
>    (
>        'gif' => 'image/gif',
>        'jpg' => 'image/jpeg',
>        'jpeg' => 'image/jpeg',
>        'png' => 'image/png',
>        'swf' => 'application/x-shockwave-flash',
>    );
>
>    return isset($stype[$ftail]) ? $stype[$ftail] : 'application/octet-stream';
>}
>
>## only serve when the Referer names this host
>## (array keys quoted, host escaped so its dots are not regex metacharacters)
>$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
>$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
>if ($host === '' || !preg_match(';' . preg_quote($host, ';') . ';', $referer))
>{ exit; }
>
>## PATH_TRANSLATED is the requested image mapped to the filesystem by Apache
>if (!file_exists($img = $_SERVER['PATH_TRANSLATED']))
>{ exit; }
>
>## other checks such as $_COOKIE etc.
>
>$header = get_stype(get_ftail($_SERVER['PATH_INFO']));
>
>header('Content-type: ' . $header);
>
>readfile($img);
>
>exit; // don't print any messages
>?>
========================================
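Added example, not the script from the thread or from 산이's phpschool post: a hardened variant of the actimg.php handler for the same AddHandler/Action setup. It assumes Apache supplies PATH_TRANSLATED and DOCUMENT_ROOT for the handler request; the function names are hypothetical.

```php
<?php
// Added example (not the thread's script): hardened actimg.php for the Action
// handler above. Assumes Apache sets PATH_TRANSLATED and DOCUMENT_ROOT.
declare(strict_types=1);

// Only the extensions AddHandler routes here, with fixed MIME types.
const ALLOWED_TYPES = [
    'gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png', 'swf' => 'application/x-shockwave-flash',
];

// Exact host comparison instead of a substring regex, so a referer like
// http://example.com.other.test/ does not pass a check for example.com.
// Referer is client-supplied: this deters hotlinking, it is not access control.
function referer_matches_host(string $referer, string $host): bool
{
    $refHost = parse_url($referer, PHP_URL_HOST);
    $ownHost = parse_url('http://' . $host, PHP_URL_HOST); // drops any :port
    return is_string($refHost) && is_string($ownHost)
        && strcasecmp($refHost, $ownHost) === 0;
}

// Canonicalise the path Apache mapped for us and require it to stay under
// DocumentRoot (realpath resolves ../ segments and symlinks).
function resolve_image(string $pathTranslated, string $docRoot): ?string
{
    if ($docRoot === '' || $pathTranslated === '') { return null; }
    $root = realpath($docRoot);
    $file = realpath($pathTranslated);
    if ($root === false || $file === false || !is_file($file)) {
        return null;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}
if (!referer_matches_host($_SERVER['HTTP_REFERER'] ?? '', $_SERVER['HTTP_HOST'] ?? '')) {
    http_response_code(403);
    exit;
}
$img = resolve_image($_SERVER['PATH_TRANSLATED'] ?? '', $_SERVER['DOCUMENT_ROOT'] ?? '');
$ext = $img === null ? '' : strtolower(pathinfo($img, PATHINFO_EXTENSION));
if ($img === null || !isset(ALLOWED_TYPES[$ext])) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . ALLOWED_TYPES[$ext]);
header('Content-Length: ' . filesize($img));
header('X-Content-Type-Options: nosniff'); // stop browsers sniffing another type
readfile($img);
exit;
```

The same <Location /test> block from the reply can point Action at this file; with the Action script not appearing in access_log, the 403/404 status codes it returns are the easiest thing to watch for in the browser's network view while debugging.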