From 002e43e5fb84b465357b445772c881e196e100d3 Mon Sep 17 00:00:00 2001 
From: thisgun 
Date: Thu, 28 Aug 2025 13:35:14 +0900 
Subject: [PATCH] =?UTF-8?q?XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?= 
MIME-Version: 1.0 
Content-Type: text/plain; charset=UTF-8 
Content-Transfer-Encoding: 8bit 
---
 bbs/view_comment.php | 2 +-
 lib/common.lib.php | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-) 
diff --git a/bbs/view_comment.php b/bbs/view_comment.php 
index f7cb5d087..8c83090d9 100644 
--- a/bbs/view_comment.php 
+++ b/bbs/view_comment.php 
@@ -7,7 +7,7 @@ if ($is_guest && $board['bo_comment_level'] < 2) {
 $captcha_html = captcha_html('_comment');
 } 
-$c_id = isset($_GET['c_id']) ? clean_xss_tags($_GET['c_id'], 1, 1) : ''; 
+$c_id = isset($_GET['c_id']) ? preg_replace('/[\'",]/', '', clean_xss_tags($_GET['c_id'], 1, 1)) : '';
 $c_wr_content = '';
 @include_once($board_skin_path.'/view_comment.head.skin.php'); 
diff --git a/lib/common.lib.php b/lib/common.lib.php 
index a7ab4197c..ddb8bbace 100644 
--- a/lib/common.lib.php 
+++ b/lib/common.lib.php 
@@ -3429,6 +3429,12 @@ function clean_xss_tags($str, $check_entities=0, $is_remove_tags=0, $cur_str_len
 $result = preg_replace('#([^\p{L}]|^)(?:javascript|jar|applescript|vbscript|vbs|wscript|jscript|behavior|mocha|livescript|view-source)\s*:(?:.*?([/\\\;()\'">]|$))#ius', '$1$2', $result); 
+ // 이벤트 핸들러 속성 제거 (예: onclick=, onerror= 등) 
+ $result = preg_replace('/on\w+\s*=\s*(".*?"|\'.*?\'|[^\s>]+)/i', '', $result); 
+ 
+ // 속성 제거 (CSS 기반 인젝션 차단) 
+ $result = preg_replace('/\s*style\s*=\s*(".*?"|\'.*?\'|[^\s>]+)/i', '', $result); 
+
 if((string)$result === (string)$str) break;
 $str = $result;
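Review bot: The new `$c_id = ...` line in bbs/view_comment.php removes only `'`, `"` and `,` from a request value, which is a denylist on what — judging by the name and the surrounding code, not visible in this hunk — is a comment identifier; if `c_id` is always numeric, validating it as such is simpler and rejects every unwanted character at once, e.g. `$c_id = isset($_GET['c_id']) && ctype_digit((string)$_GET['c_id']) ? $_GET['c_id'] : '';` (keeping the `''` default so skins that test `$c_id` are unaffected). Characters such as `<`, `>`, `(`, `)` and backslash still pass the new filter, so any skin that echoes `$c_id` into an attribute or a script block still needs context-appropriate escaping at the output point (`htmlspecialchars` for HTML, `json_encode` for JavaScript) rather than relying on input stripping. If non-numeric ids are possible, an explicit allowlist such as `preg_match('/^[A-Za-z0-9_-]+$/', ...)` is the equivalent replacement; a one-line comment stating what shape `c_id` is expected to have would also make the intent of this check clear to the next reader.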