
PHP File Access Bruteforce Attempts: Attack Patterns

by 떠도리c 2024. 8. 29.

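PHP - Patterns frequently used in File Access Bruteforce

These patterns are also frequently used in scanning activity.

When such patterns are detected frequently, verify whether the traffic is legitimate and respond appropriately.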

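One way to act on the advice above is to look at behaviour rather than at individual paths: a client that requests many different nonexistent `.php` files is probing, and any `.php` request from that client that was answered with a 2xx status is what needs to be checked for legitimacy. The following is an added example, not part of the original post; the common log format, the threshold of 4, the function name and all sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log; addresses are RFC 5737 documentation ranges,
# paths are made up for this example.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Aug/2024:10:00:01 +0900] "GET /dbtool/index.php HTTP/1.1" 404 153
192.0.2.10 - - [29/Aug/2024:10:00:01 +0900] "GET /dbtool2/index.php HTTP/1.1" 404 153
192.0.2.10 - - [29/Aug/2024:10:00:02 +0900] "GET /dbtool-old/index.php HTTP/1.1" 404 153
192.0.2.10 - - [29/Aug/2024:10:00:02 +0900] "GET /sqlweb/setup.php?v=1 HTTP/1.1" 404 153
192.0.2.10 - - [29/Aug/2024:10:00:03 +0900] "GET /images/x1.php HTTP/1.1" 404 153
192.0.2.10 - - [29/Aug/2024:10:00:03 +0900] "GET /manage/index.php HTTP/1.1" 200 4821
198.51.100.7 - - [29/Aug/2024:10:01:10 +0900] "GET /index.php HTTP/1.1" 200 9120
198.51.100.7 - - [29/Aug/2024:10:01:15 +0900] "GET /old.php HTTP/1.1" 404 153
198.51.100.7 - - [29/Aug/2024:10:01:20 +0900] "GET /index.php?page=2 HTTP/1.1" 200 9120
203.0.113.5 - - [29/Aug/2024:10:02:00 +0900] "GET /feed.php HTTP/1.1" 404 153
203.0.113.5 - - [29/Aug/2024:10:03:00 +0900] "GET /feed.php HTTP/1.1" 404 153
203.0.113.5 - - [29/Aug/2024:10:04:00 +0900] "GET /feed.php HTTP/1.1" 404 153
"""

def find_php_probers(log_text, min_distinct_404=4):
    """Return {ip: {"missing": n, "hits": [...]}} for clients that requested at
    least min_distinct_404 different nonexistent .php paths. "hits" lists the
    .php paths that the same client got a 2xx answer for."""
    missing = defaultdict(set)   # ip -> distinct .php paths answered 404
    answered = defaultdict(set)  # ip -> distinct .php paths answered 2xx
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        path = target.split("?", 1)[0]  # ignore the query string
        if not path.lower().endswith(".php"):
            continue
        if status == 404:
            missing[ip].add(path)
        elif 200 <= status < 300:
            answered[ip].add(path)
    return {ip: {"missing": len(paths), "hits": sorted(answered[ip])}
            for ip, paths in missing.items() if len(paths) >= min_distinct_404}

if __name__ == "__main__":
    for ip, info in find_php_probers(SAMPLE_LOG).items():
        print(ip, info)
```

Counting distinct paths keeps a client that repeatedly follows one broken link (203.0.113.5 in the sample) from being flagged, while the `hits` list points at the responses to review first.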
