![](\"https:\/\/image4.happycampus.com\/Production\/thumb212\/2024\/03\/15\/data29543483-0001.jpg\")
![](\"https:\/\/image4.happycampus.com\/Production\/thumb212\/2024\/03\/15\/data29543483-0002.jpg\")
<\/p>\n<\/p>\n
\ubaa9\ucc28<\/strong><\/p>\n 1. Use After Free(UAF) : 416 2. SSRF(Cross-Site Request Forgery) : 918 3. OS Command Injection : 78 \ubcf8\ubb38\ub0b4\uc6a9<\/strong><\/p>\n 1) UAF : \ud574\uc81c\ub41c \uba54\ubaa8\ub9ac \uc601\uc5ed\uc744 \uc7ac\uc0ac\uc6a9\ud560 \ub54c \ubc1c\uc0dd\ud558\ub294 \ubcf4\uc548 \uc57d\uc810 2) UAF \uacf5\uaca9\uc774 \ubc1c\uc0dd\ud560 \ub54c\uc758 \ubb38\uc81c\uc810
\n1) UAF : \ud574\uc81c\ub41c \uba54\ubaa8\ub9ac \uc601\uc5ed\uc744 \uc7ac\uc0ac\uc6a9\ud560 \ub54c \ubc1c\uc0dd\ud558\ub294 \ubcf4\uc548 \uc57d\uc810
\n2) UAF \uacf5\uaca9\uc774 \ubc1c\uc0dd\ud560 \ub54c\uc758 \ubb38\uc81c\uc810
\n3) \uc608\uc2dc \ucf54\ub4dc<\/p>\n
\n1) SSRF
\n2) SSRF \uacf5\uaca9\uc774 \ubc1c\uc0dd\ud560 \ub54c\uc758 \ubb38\uc81c\uc810
\n3) \u2018\uce90\ud53c\ud0c8 \uc6d0\u2019<\/p>\n
\n1) OS Command Injection
\n2) OS Command Injection\uc774 \ubc1c\uc0dd\ud560 \ub54c\uc758 \ubb38\uc81c\uc810
\n3) php \ucf54\ub4dc \uc608\uc2dc<\/p>\n
\nHeap \uc601\uc5ed(\uac1c\ubc1c\uc790\uac00 \ub3d9\uc801\uc73c\ub85c \uba54\ubaa8\ub9ac\ub97c \ud560\ub2f9\ud558\uc5ec \uc0ac\uc6a9\ud558\ub294 \uacf5\uac04)\uc5d0\uc11c \uc77c\uc5b4\ub098\ub294 \ubb38\uc81c \ub85c, Heap \ub0b4\uc5d0 \ud574\uc81c\ub41c \uba54\ubaa8\ub9ac \uacf5\uac04\uc774 \uc0c8\ub85c\uc6b4 \ud3ec\uc778\ud130\uc5d0 \ud560\ub2f9\ub420 \uacbd\uc6b0 \uadf8 \ud3ec\uc778\ud130\uac00 \uc601 \uc5ed \ub0b4\uc5d0 \uac12\uacfc \uc8fc\uc18c \uac12\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uac8c \ub418\uc5b4 \ubc1c\uc0dd\ud55c\ub2e4.<\/p>\n
\n\uc784\uc758\uc758 \uba54\ubaa8\ub9ac\uac00 \ud560\ub2f9\ub41c \ud3ec\uc778\ud130\uac00 \uc788\ub2e4\uace0 \uac00\uc815\ud558\uace0, \ud574\ub2f9 \ud3ec\uc778\ud130\uac00 free\ub97c \ud558\uba74 \ud560\ub2f9 \ub41c \uba54\ubaa8\ub9ac \ud560\ub2f9\uc740 \ud574\uc81c\ub41c\ub2e4. \ud558\uc9c0\ub9cc \ud574\uc81c\ub41c \ud6c4 \ub2e4\ub978 \ud3ec\uc778\ud130\uac00 \uac19\uc740 \uba54\ubaa8\ub9ac \ud06c\uae30\uc758 \uc601 \uc5ed\uc744 \ud560\ub2f9\ubc1b\ub294\ub2e4\uace0 \ud560 \ub54c, Heap\uc740 \ud574\uc81c\ub418\uc5c8\ub358 \uba54\ubaa8\ub9ac \uc601\uc5ed\uc744 \ud560\ub2f9\ud560 \uc218 \uc788\ub2e4. \uc774\ub54c \uc0c8\ub85c\uc6b4 \ud3ec\uc778\ud130\ub294 \uc774\uc804\uc5d0 \uc800\uc7a5\ub418\uc5c8\ub358 \uc8fc\uc18c\uc640 \uac12\uc744 \ucc38\uc870\ud560 \uc218 \uc788\ub2e4.<\/p>\n