From 038affe79835047f096e7c3c68e39bcea31e2064 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Wed, 12 Dec 2018 17:28:55 +0900
Subject: [PATCH] =?UTF-8?q?KVE-2018-1808=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 adm/admin.lib.php | 2 +-
 bbs/alert.php | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/adm/admin.lib.php b/adm/admin.lib.php
index b62164b26..d454f00d4 100644
--- a/adm/admin.lib.php
+++ b/adm/admin.lib.php
@@ -436,7 +436,7 @@ function admin_check_xss_params($params){
 if( is_array($value) ){
 admin_check_xss_params($params);
- } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
+ } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){
 alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
 die();
 }
diff --git a/bbs/alert.php b/bbs/alert.php
index 9d4475203..b1117d347 100644
--- a/bbs/alert.php
+++ b/bbs/alert.php
@@ -67,13 +67,17 @@ history.back();
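Review bot: The new `onload=` alternative in the changed `else if` of admin_check_xss_params recognises only that one event-handler attribute and only in the exact spelling `onload=` with no whitespace around `=`, so the function stays a narrow denylist; at minimum match the handler family with `preg_match('/\bon[a-z]+\s*=/i', $value)` and treat this check as a tripwire, with `htmlspecialchars()` at the output site as the real control. The trailing `.*` in `/onload=.*/ius` adds nothing to a boolean `preg_match` and can be dropped. Separately, the unchanged context line `admin_check_xss_params($params);` inside the `is_array($value)` branch appears to recurse on the whole `$params` array rather than the nested `$value`, which as far as this hunk shows cannot terminate for any nested array parameter; it presumably should read `admin_check_xss_params($value);`. The body of admin_check_xss_params starts and ends outside this hunk.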
$value) { + + $key = clean_xss_tags($url); + $value = clean_xss_tags($value); + if(strlen($value) < 1) continue; if(preg_match("/pass|pwd|capt|url/", $key)) continue; ?> - +
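Review bot: The added line `$key = clean_xss_tags($url);` sanitises `$url` and stores the result in the loop key, so from that point `$key` no longer holds the field name; the following `preg_match("/pass|pwd|capt|url/", $key)` skip list would then inspect `$url` on every iteration instead of the real key, and whatever the loop emits per field would see the same `$key` each time. Presumably `$key = clean_xss_tags($key);` was intended. Sanitising input with `clean_xss_tags()` is also not a substitute for escaping at the point where `$key` and `$value` are written into markup; the removed line and the final added line of this hunk, which appear to be that output, have had their content stripped in this copy of the patch, so whether `htmlspecialchars()` is applied there cannot be confirmed. The enclosing `foreach` is only partially legible here and its closing brace lies outside the visible hunk.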