{"id":376,"date":"2019-08-13T03:21:44","date_gmt":"2019-08-12T18:21:44","guid":{"rendered":"https:\/\/blog.rubiya.kr\/?p=376"},"modified":"2019-08-13T06:33:04","modified_gmt":"2019-08-12T21:33:04","slug":"host-split-attack","status":"publish","type":"post","link":"https:\/\/blog.rubiya.kr\/index.php\/2019\/08\/13\/host-split-attack\/","title":{"rendered":"Host split attack"},"content":{"rendered":"\n

BlackHat, Defcon \uc2dc\uc98c\uc774 \ub05d\ub0ac\uc2b5\ub2c8\ub2e4. \ube14\ub799\ud587 USA\ub294 \uc138\uacc4\uc5d0\uc11c \uac00\uc7a5 \ud070 \ud574\ud0b9 \ucee8\ud37c\ub7f0\uc2a4\uc778\ub9cc\ud07c, \ub9e4\ub144 \ud765\ubbf8\ub85c\uc6b4 \ubc1c\ud45c\uac00 \uc788\uae30 \ub9c8\ub828\uc774\uc8e0.<\/p>\n\n\n\n

\uc62c\ud574\uc5d0\ub294 MS\uc758 \ud55c \uc5f0\uad6c\uc6d0\uc774 Host split attack<\/a> \uc774\ub77c\ub294 \ubc1c\ud45c\ub97c \ub0b4\ub193\uc558\ub294\ub370 \ub0b4\uc6a9\uc774 \uc7ac\ubbf8\uc788\uc5b4 \uc815\ub9ac\ud574\uc11c \uc62c\ub9bd\ub2c8\ub2e4.<\/p>\n\n\n\n

\uc774 \uacf5\uaca9\uc744 \uc774\ud574\ud558\uae30 \uc704\ud574\uc11c\ub294 \uba3c\uc800 IDN(Internationalized Domain Name)\uc5d0 \ub300\ud574\uc11c \uc774\ud574\ub97c \ud574\uc57c\ud569\ub2c8\ub2e4.
IDN\uc740 \uc544\uc2a4\ud0a4\ucf54\ub4dc\uac00 \uc544\ub2cc \ub2e4\ub978 \ubb38\uc790\ub97c \ud3ec\ud568\ud558\ub294 \ub3c4\uba54\uc778\uc744 \uc758\ubbf8\ud558\ub294\ub370, \uac00\ub054 \ubcf4\uc774\ub294 \uc5b4\uca4c\uad6c.\ud55c\uad6d<\/a> \uac19\uc740 \ub3c4\uba54\uc778 \uc5ed\uc2dc \ud55c\uae00\uc740 \uc544\uc2a4\ud0a4\ucf54\ub4dc\uac00 \uc544\ub2c8\ubbc0\ub85c IDN\uc785\ub2c8\ub2e4.
\uc774 IDN\uc740 \ub2e8\uc9c0 \uc6b0\ub9ac\uc5d0\uac8c \ud45c\uc2dc\ub420\ub54c\ub9cc \uc0ac\uc6a9\ub418\uace0 \uc2e4\uc81c \ud1b5\uc2e0\uc744 \ud560 \ub54c\uc5d0\ub294 dns query, \uadf8 \ud6c4\uc758 HTTP \ud1b5\uc2e0\ub4f1\uc744 \uc704\ud574\uc11c \uacb0\uad6d \uc544\uc2a4\ud0a4\ucf54\ub4dc\ub85c \ubcc0\ud658\ub429\ub2c8\ub2e4.
\uc544\uc2a4\ud0a4\ucf54\ub4dc\ub85c \ubcc0\ud658\ud558\ub294 \ubc29\ubc95\uc740 1. Normalization 2. Punycoding \uc785\ub2c8\ub2e4.<\/p>\n\n\n\n

Punycode\ub294 \uc544\ub9c8 \ud55c \ubc88\ucbe4 \ub4e4\uc5b4\ubcf4\uc168\uc744 \uac83 \uac19\uc2b5\ub2c8\ub2e4.
\uc9c0\uc815\ub41c \uaddc\uce59\uc5d0 \ub530\ub77c\uc11c \uc544\uc2a4\ud0a4\ucf54\ub4dc\uac00 \uc544\ub2cc \ubb38\uc790\uc5f4\ub4e4\uc744 \uc544\uc2a4\ud0a4\ubb38\uc790\uc5f4\ub85c \uce58\ud658\ud558\uba70, \uce58\ud658\ub41c \ubb38\uc790\uc5f4\uc740 xn-- \uc73c\ub85c \uc2dc\uc791\ud558\ub294 \uc811\ub450\uc5b4\ub97c \uac00\uc9d1\ub2c8\ub2e4.
\uc608\ub97c\ub4e4\uc5b4 \ub8e8\ube44\uc57c.kr<\/a> \uc740 xn--2s2b21ho6g.kr \uc640 \ub3d9\uc77c\ud55c \ub3c4\uba54\uc778\uc785\ub2c8\ub2e4.
\u0451<\/strong> \uac19\uc740 \ud0a4\ub9b4\ubb38\uc790, \uadf8\ub9ac\uc2a4\ubb38\uc790 \ub4f1\uc744 \uc0ac\uc6a9\ud55c \ud53c\uc2f1\uc774 \uc774\uc288\uac00 \ub418\uae30\ub3c4 \ud588\uc5c8\uc2b5\ub2c8\ub2e4. nav\u0451<\/strong>r.com \uac19\uc740 \ub3c4\uba54\uc778\uc740 \uc815\uc2e0\uc904\ub193\uace0 \ub09a\uc774\uae30 \ub531 \uc88b\uc8e0.<\/p>\n\n\n\n

\uadf8\ub7f0\ub370 punycode\ub294 2\uc21c\uc704\uc774\uace0 1\uc21c\uc704\uc5d0\ub294 Normalization \uc774\ub77c\ub294 \ucc98\uc74c \ubcf4\ub294 \ub3d9\uc791\uc774 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Normalization\uc740 \uc704\uc640 \uac19\uc774 \uc720\ub2c8\ucf54\ub4dc\uc758 \uacbd\uc6b0\uc758 \uc218\ub97c \uc904\uc774\ub294 \uac83 \uac19\uc774 \ubcf4\uc785\ub2c8\ub2e4.
\uc880 \ub354 \uc790\uc138\ud788 \uc54c\uae30 \uc704\ud574\uc11c \ub808\ud37c\ub7f0\uc2a4\ub97c \ud655\uc778\ud574\ubd05\uc2dc\ub2e4. <\/a>http:\/\/unicode.org\/reports\/tr15\/<\/a><\/p>\n\n\n\n
Font variants<\/td>\u210c<\/td>\u2192<\/td>H<\/td><\/tr>
<\/td>\u210d<\/td>\u2192<\/td>H<\/td><\/tr><\/tbody><\/table>\n\n\n\n

\uadf8\ub807\ub2e4\ub124\uc694. <\/a><\/a>http:\/\/web\u210dacking.kr\/<\/a> \uc5d0 \uc811\uc18d\ud574\ubcf4\uba74 \uc2e4\uc81c\ub85c \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c normalization\uc744 \uc218\ud589\ud574 \u210d\uac00 H\ub85c \ubc14\ub00c\uba70 \uc798 \uc811\uc18d\ub418\ub294\uac83\uc744 \ubcfc \uc218 \uc788\uc2b5\ub2c8\ub2e4.
local\u210dost \ub4f1\uc73c\ub85c \uc751\uc6a9\ud560 \uc218 \uc788\uaca0\ub124\uc694.<\/p>\n\n\n\n

\uba87 \uac00\uc9c0 \uc608\uc81c\uac00 \ub354 \uc788\ub294\ub370 \ucb49 \ub0b4\ub9ac\ub2e4\ubcf4\uba74 \uc774\ub7f0\uac8c \ubcf4\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n
Fractions<\/td>\u00bc<\/td>\u2192<\/td>1\/4<\/td><\/tr><\/tbody><\/table>\n\n\n\n

\u00bc\uc740 1\/4\ub85c normalization \ub41c\ub2e4\uace0 \ud569\ub2c8\ub2e4.
\uc870\uae08 \ub354 \ud65c\uc6a9\ud558\uae30 \uc26c\uc6b4 \uc608\uc2dc\ub85c \u2100\ub294 a\/c\uac00 \ub41c\ub2e4\uace0 \ud569\ub2c8\ub2e4.
??? \ubb54\uac00 \uc774\uc0c1\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n

\uadf8\ub7fc http:\/\/evil.c\u2100.example.com<\/strong> \uc5d0 \uc811\uc18d\ud574\uc11c \ube0c\ub77c\uc6b0\uc800\uac00 normalization\uc744 \uc218\ud589\ud558\uba74…
URL\uc740 http:\/\/evil.ca\/c.example.com<\/strong> \uc774 \ub429\ub2c8\ub2e4.<\/p>\n\n\n\n

\"\uad00\ub828<\/figure>\n\n\n\n

Edge, IE, .Net, Python, Java \ub4f1\uc5d0\uc11c \ud574\ub2f9 \ucde8\uc57d\uc810\uc774 \ubc1c\uacac\ub418\uc5c8\uc9c0\ub9cc \ud328\uce58\uac00 \uc644\ub8cc\ub41c \uc0c1\ud0dc\uc785\ub2c8\ub2e4. \uc6f9\ud574\ucee4\ub4e4\uc758 \uce5c\uad6c\uc778 Fiddler \ud504\ub85d\uc2dc \uc5ed\uc2dc .Net\uc744 \uc0ac\uc6a9\ud574 \uac1c\ubc1c\ub418\uc5c8\uae30\uc5d0 \ub3d9\uc77c\ud55c \ucde8\uc57d\uc810\uc774 \ubc1c\uc0dd\ud588\ub2e4\uace0 \ud569\ub2c8\ub2e4.
\ub2e4\ub9cc \ud328\uce58\uac00 \ub418\uc5c8\ub2e4\uace0 \ud574\ub3c4 normalization\uc740 \ubc84\uadf8\uac00 \uc544\ub2cc \uc815\uc0c1\uc801\uc778 \ud589\ub3d9\uc774\uae30\uc5d0 \ud574\ub2f9 \uacf5\uaca9\uc774 \ubc1c\ud45c\ub41c\uc9c0 1\uc8fc\uc77c\ub3c4 \uc548\ub41c \ud604 \uc2dc\uc810\uc5d0\uc11c \uc5b4\ub5a4 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0\uc11c \ub611\uac19\uc740 \ucde8\uc57d\uc810\uc774 \ud130\uc9c8\uc9c0 \uc54c \uc218 \uc5c6\uc2b5\ub2c8\ub2e4. \uc9c1\uc811 \ud14c\uc2a4\ud2b8 \ud574\ubcf4\ub294 \uc218 \ubc16\uc5d0\uc694.<\/p>\n\n\n\n

\uc774 \ucde8\uc57d\uc810\uc774 \ub354 \uc2ec\uac01\ud55c \uc774\uc720\ub294 \uac1c\ubc1c\uc790\ub4e4\uc774 URL\uc758 Host\ub97c \uac80\uc0ac\ud560 \ub54c \ub204\uad6c\ub3c4 normalization\uc744 \uc218\ud589\ud55c\ucc44\ub85c \uac80\uc0ac\ud558\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc785\ub2c8\ub2e4.(\ubd84\uba85 \uc774 \uae00\uc744 \uc77d\ub294 \ub3c5\uc790\ubd84\ub3c4…)
Open Redirect, SSRF \ub4f1\uc5d0 \uc545\uc6a9\uc774 \uac00\ub2a5\ud558\uba70, \ubc1c\ud45c\uc790\ub294 OAuth\ub97c \uae68\ub294\ub370\uc5d0 \ud06c\ub9ac\ud2f0\uceec\ud558\uac8c \uc791\ub3d9\ud560 \uc218 \uc788\ub2e4\uace0 \uc8fc\uc7a5\ud558\uace0 \uc788\uc9c0\ub9cc \uc0ac\uc2e4 \uc774\uac74 \uadf8\ub0e5 Host Spoofing \uae30\ubc95 \uc911 \ud558\ub098\uc77c \ubfd0 OAuth\uc5d0 \ub354 \uce58\uba85\uc801\uc774\uac70\ub098 \ud558\uc9c4 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n

\ub9c8\ubb34\ub9ac\ub85c \ube44\uc2b7\ud55c \ud6a8\uacfc\ub97c \ub0bc \uc218 \uc788\ub294 \uc608\uc2dc\ub4e4\uc744 \ub354 \uc18c\uac1c\ud558\uba70 \ub05d\ub9c8\uce69\ub2c8\ub2e4.<\/p>\n\n\n\n
U+2048 \u2048<\/td> U+FF1A\uff1a<\/td><\/tr>
U+FF0F \uff0f<\/td> U+2488 \u2488<\/td><\/tr>
U+FF03\uff03<\/td> U+FE47 \ufe47<\/td><\/tr>
U+FF20 \uff20<\/td>etc…<\/td><\/tr><\/tbody><\/table>\n\n\n\n

P.S. \uc800\ub294 \uc9c0\uae08 \ud53c\uc528\ubc29\uc5d0\uc11c \uc774 \uae00\uc744 \uc4f0\uace0\uc788\ub294\ub370 IE\uc5d0\uc11c http:\/\/\u2488rubiya.kr \uc744 \uc811\uc18d\ud558\ub2c8 http:\/\/1.rubiya.kr \ub85c \uc798 \uc811\uc18d\ub429\ub2c8\ub2e4. \uc2e4\uc81c\ub85c \ubcf4\ub2c8\uae4c \ucda9\uaca9\uacfc \uacf5\ud3ec\ub124\uc694…<\/p>\n","protected":false},"excerpt":{"rendered":"

BlackHat, Defcon \uc2dc\uc98c\uc774 \ub05d\ub0ac\uc2b5\ub2c8\ub2e4. \ube14\ub799\ud587 USA\ub294 \uc138\uacc4\uc5d0\uc11c \uac00\uc7a5 \ud070 \ud574\ud0b9 \ucee8\ud37c\ub7f0\uc2a4\uc778\ub9cc\ud07c, \ub9e4\ub144 \ud765\ubbf8\ub85c\uc6b4 \ubc1c\ud45c\uac00 \uc788\uae30 \ub9c8\ub828\uc774\uc8e0. \uc62c\ud574\uc5d0\ub294 MS\uc758 \ud55c \uc5f0\uad6c\uc6d0\uc774 Host split attack \uc774\ub77c\ub294 \ubc1c\ud45c\ub97c \ub0b4\ub193\uc558\ub294\ub370 \ub0b4\uc6a9\uc774 \uc7ac\ubbf8\uc788\uc5b4 \uc815\ub9ac\ud574\uc11c \uc62c\ub9bd\ub2c8\ub2e4. \uc774 \uacf5\uaca9\uc744 \uc774\ud574\ud558\uae30 \uc704\ud574\uc11c\ub294 \uba3c\uc800 IDN(Internationalized Domain Name)\uc5d0 \ub300\ud574\uc11c \uc774\ud574\ub97c \ud574\uc57c\ud569\ub2c8\ub2e4.IDN\uc740 \uc544\uc2a4\ud0a4\ucf54\ub4dc\uac00 \uc544\ub2cc \ub2e4\ub978 \ubb38\uc790\ub97c \ud3ec\ud568\ud558\ub294 \ub3c4\uba54\uc778\uc744 \uc758\ubbf8\ud558\ub294\ub370, \uac00\ub054 \ubcf4\uc774\ub294 \uc5b4\uca4c\uad6c.\ud55c\uad6d \uac19\uc740 \ub3c4\uba54\uc778 \uc5ed\uc2dc \ud55c\uae00\uc740 \uc544\uc2a4\ud0a4\ucf54\ub4dc\uac00 \uc544\ub2c8\ubbc0\ub85c IDN\uc785\ub2c8\ub2e4.\uc774 IDN\uc740 \ub2e8\uc9c0 \uc6b0\ub9ac\uc5d0\uac8c \ud45c\uc2dc\ub420\ub54c\ub9cc \uc0ac\uc6a9\ub418\uace0 \uc2e4\uc81c \ud1b5\uc2e0\uc744 \ud560 \ub54c\uc5d0\ub294 dns query, \uadf8 \ud6c4\uc758 HTTP \ud1b5\uc2e0\ub4f1\uc744 \uc704\ud574\uc11c \uacb0\uad6d \uc544\uc2a4\ud0a4\ucf54\ub4dc\ub85c \ubcc0\ud658\ub429\ub2c8\ub2e4.\uc544\uc2a4\ud0a4\ucf54\ub4dc\ub85c \ubcc0\ud658\ud558\ub294 \ubc29\ubc95\uc740 1. Normalization 2. Punycoding \uc785\ub2c8\ub2e4. Punycode\ub294 \uc544\ub9c8 \ud55c \ubc88\ucbe4 \ub4e4\uc5b4\ubcf4\uc168\uc744 \uac83 \uac19\uc2b5\ub2c8\ub2e4.\uc9c0\uc815\ub41c \uaddc\uce59\uc5d0 \ub530\ub77c\uc11c \uc544\uc2a4\ud0a4\ucf54\ub4dc\uac00 \uc544\ub2cc \ubb38\uc790\uc5f4\ub4e4\uc744 \uc544\uc2a4\ud0a4\ubb38\uc790\uc5f4\ub85c \uce58\ud658\ud558\uba70, \uce58\ud658\ub41c \ubb38\uc790\uc5f4\uc740 xn-- \uc73c\ub85c \uc2dc\uc791\ud558\ub294 \uc811\ub450\uc5b4\ub97c \uac00\uc9d1\ub2c8\ub2e4.\uc608\ub97c\ub4e4\uc5b4 \ub8e8\ube44\uc57c.kr \uc740 xn--2s2b21ho6g.kr \uc640 \ub3d9\uc77c\ud55c \ub3c4\uba54\uc778\uc785\ub2c8\ub2e4.\u0451 \uac19\uc740 \ud0a4\ub9b4\ubb38\uc790, \uadf8\ub9ac\uc2a4\ubb38\uc790 \ub4f1\uc744 \uc0ac\uc6a9\ud55c \ud53c\uc2f1\uc774 \uc774\uc288\uac00 \ub418\uae30\ub3c4 \ud588\uc5c8\uc2b5\ub2c8\ub2e4. nav\u0451r.com \uac19\uc740 \ub3c4\uba54\uc778\uc740 \uc815\uc2e0\uc904\ub193\uace0 \ub09a\uc774\uae30 \ub531 \uc88b\uc8e0. \uadf8\ub7f0\ub370 punycode\ub294 2\uc21c\uc704\uc774\uace0 1\uc21c\uc704\uc5d0\ub294 Normalization \uc774\ub77c\ub294 \ucc98\uc74c \ubcf4\ub294 \ub3d9\uc791\uc774 \uc788\uc2b5\ub2c8\ub2e4. Normalization\uc740 \uc704\uc640 \uac19\uc774 \uc720\ub2c8\ucf54\ub4dc\uc758 \uacbd\uc6b0\uc758 \uc218\ub97c \uc904\uc774\ub294 \uac83 \uac19\uc774 \ubcf4\uc785\ub2c8\ub2e4.\uc880 \ub354 \uc790\uc138\ud788 \uc54c\uae30 \uc704\ud574\uc11c \ub808\ud37c\ub7f0\uc2a4\ub97c \ud655\uc778\ud574\ubd05\uc2dc\ub2e4. http:\/\/unicode.org\/reports\/tr15\/ Font variants \u210c \u2192 H \u210d \u2192 H \uadf8\ub807\ub2e4\ub124\uc694. http:\/\/web\u210dacking.kr\/ \uc5d0 \uc811\uc18d\ud574\ubcf4\uba74 \uc2e4\uc81c\ub85c \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c normalization\uc744 \uc218\ud589\ud574 \u210d\uac00 H\ub85c \ubc14\ub00c\uba70 \uc798 \uc811\uc18d\ub418\ub294\uac83\uc744 \ubcfc \uc218 \uc788\uc2b5\ub2c8\ub2e4.local\u210dost \ub4f1\uc73c\ub85c \uc751\uc6a9\ud560 \uc218 \uc788\uaca0\ub124\uc694. \uba87 \uac00\uc9c0 \uc608\uc81c\uac00 \ub354 \uc788\ub294\ub370 \ucb49 \ub0b4\ub9ac\ub2e4\ubcf4\uba74 \uc774\ub7f0\uac8c \ubcf4\uc785\ub2c8\ub2e4. Fractions \u00bc \u2192 1\/4 \u00bc\uc740 1\/4\ub85c normalization \ub41c\ub2e4\uace0 \ud569\ub2c8\ub2e4.\uc870\uae08 \ub354 \ud65c\uc6a9\ud558\uae30 \uc26c\uc6b4 \uc608\uc2dc\ub85c \u2100\ub294 a\/c\uac00 \ub41c\ub2e4\uace0 \ud569\ub2c8\ub2e4.??? \ubb54\uac00 \uc774\uc0c1\ud569\ub2c8\ub2e4. \uadf8\ub7fc http:\/\/evil.c\u2100.example.com \uc5d0 \uc811\uc18d\ud574\uc11c \ube0c\ub77c\uc6b0\uc800\uac00 normalization\uc744 \uc218\ud589\ud558\uba74…URL\uc740 http:\/\/evil.ca\/c.example.com \uc774 \ub429\ub2c8\ub2e4. Edge, IE, .Net, Python, Java \ub4f1\uc5d0\uc11c \ud574\ub2f9 \ucde8\uc57d\uc810\uc774 \ubc1c\uacac\ub418\uc5c8\uc9c0\ub9cc \ud328\uce58\uac00 \uc644\ub8cc\ub41c \uc0c1\ud0dc\uc785\ub2c8\ub2e4. \uc6f9\ud574\ucee4\ub4e4\uc758 \uce5c\uad6c\uc778 Fiddler \ud504\ub85d\uc2dc \uc5ed\uc2dc .Net\uc744 \uc0ac\uc6a9\ud574 \uac1c\ubc1c\ub418\uc5c8\uae30\uc5d0 \ub3d9\uc77c\ud55c \ucde8\uc57d\uc810\uc774 \ubc1c\uc0dd\ud588\ub2e4\uace0 \ud569\ub2c8\ub2e4.\ub2e4\ub9cc \ud328\uce58\uac00 \ub418\uc5c8\ub2e4\uace0 \ud574\ub3c4 normalization\uc740 \ubc84\uadf8\uac00 \uc544\ub2cc \uc815\uc0c1\uc801\uc778 \ud589\ub3d9\uc774\uae30\uc5d0 \ud574\ub2f9 \uacf5\uaca9\uc774 \ubc1c\ud45c\ub41c\uc9c0 1\uc8fc\uc77c\ub3c4 \uc548\ub41c \ud604 \uc2dc\uc810\uc5d0\uc11c \uc5b4\ub5a4 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0\uc11c \ub611\uac19\uc740 \ucde8\uc57d\uc810\uc774 \ud130\uc9c8\uc9c0 \uc54c \uc218 \uc5c6\uc2b5\ub2c8\ub2e4. \uc9c1\uc811 \ud14c\uc2a4\ud2b8 \ud574\ubcf4\ub294 \uc218 \ubc16\uc5d0\uc694. \uc774 \ucde8\uc57d\uc810\uc774 \ub354 \uc2ec\uac01\ud55c \uc774\uc720\ub294 \uac1c\ubc1c\uc790\ub4e4\uc774 URL\uc758 Host\ub97c \uac80\uc0ac\ud560 \ub54c \ub204\uad6c\ub3c4 normalization\uc744 \uc218\ud589\ud55c\ucc44\ub85c \uac80\uc0ac\ud558\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc785\ub2c8\ub2e4.(\ubd84\uba85 \uc774 \uae00\uc744 \uc77d\ub294 \ub3c5\uc790\ubd84\ub3c4…)Open Redirect, SSRF \ub4f1\uc5d0 \uc545\uc6a9\uc774 \uac00\ub2a5\ud558\uba70, \ubc1c\ud45c\uc790\ub294 OAuth\ub97c \uae68\ub294\ub370\uc5d0 \ud06c\ub9ac\ud2f0\uceec\ud558\uac8c \uc791\ub3d9\ud560 \uc218 \uc788\ub2e4\uace0 \uc8fc\uc7a5\ud558\uace0 \uc788\uc9c0\ub9cc \uc0ac\uc2e4 \uc774\uac74 \uadf8\ub0e5 Host Spoofing \uae30\ubc95 \uc911 \ud558\ub098\uc77c \ubfd0 OAuth\uc5d0 \ub354 \uce58\uba85\uc801\uc774\uac70\ub098 \ud558\uc9c4 \uc54a\uc2b5\ub2c8\ub2e4. \ub9c8\ubb34\ub9ac\ub85c \ube44\uc2b7\ud55c \ud6a8\uacfc\ub97c \ub0bc \uc218 \uc788\ub294 \uc608\uc2dc\ub4e4\uc744 \ub354 \uc18c\uac1c\ud558\uba70 \ub05d\ub9c8\uce69\ub2c8\ub2e4. U+2048 \u2048 U+FF1A\uff1a U+FF0F \uff0f U+2488 \u2488 U+FF03\uff03 U+FE47 \ufe47 U+FF20 \uff20 etc… P.S. \uc800\ub294 \uc9c0\uae08 \ud53c\uc528\ubc29\uc5d0\uc11c \uc774 \uae00\uc744 \uc4f0\uace0\uc788\ub294\ub370 IE\uc5d0\uc11c http:\/\/\u2488rubiya.kr \uc744 \uc811\uc18d\ud558\ub2c8 http:\/\/1.rubiya.kr \ub85c \uc798 \uc811\uc18d\ub429\ub2c8\ub2e4. \uc2e4\uc81c\ub85c \ubcf4\ub2c8\uae4c \ucda9\uaca9\uacfc \uacf5\ud3ec\ub124\uc694…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts\/376"}],"collection":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/comments?post=376"}],"version-history":[{"count":19,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts\/376\/revisions"}],"predecessor-version":[{"id":396,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts\/376\/revisions\/396"}],"wp:attachment":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/media?parent=376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/categories?post=376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/tags?post=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}