From cb61fa30459820564b9f8c5483934e9a47a64ff5 Mon Sep 17 00:00:00 2001 From: kagla Date: Fri, 11 Mar 2022 11:01:15 +0900 Subject: [PATCH 1/8] =?UTF-8?q?#167=20Security=20Report=20:=20Cross-Site?= =?UTF-8?q?=20Scripting=20=EC=98=A4=EB=A5=98=20=ED=95=B4=EA=B2=B0=20(P0cas?= =?UTF-8?q?=EB=8B=98,220311)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/memo.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bbs/memo.php b/bbs/memo.php index 86ffb7930..f7cd044e7 100644 --- a/bbs/memo.php +++ b/bbs/memo.php @@ -16,8 +16,7 @@ if ($kind == 'recv') else if ($kind == 'send') $unkind = 'recv'; else { - $kind = clean_xss_tags(trim($kind)); - alert(''.$kind .'값을 넘겨주세요.'); + alert("kind 변수 값이 올바르지 않습니다."); } if ($page < 1) { $page = 1; } // 페이지가 없으면 첫 페이지 (1 페이지) From 30a24811455ab51f91d7be331747741f80d877c5 Mon Sep 17 00:00:00 2001 From: kagla Date: Fri, 11 Mar 2022 11:08:13 +0900 Subject: [PATCH 2/8] =?UTF-8?q?Cross-site=20Scripting=20(XSS)=20=ED=95=B4?= =?UTF-8?q?=EA=B2=B0=20(SeungHyunKim=EB=8B=98,220311)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mobile/shop/lg/mispwapurl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mobile/shop/lg/mispwapurl.php b/mobile/shop/lg/mispwapurl.php index 83fc1de52..79e1f1360 100644 --- a/mobile/shop/lg/mispwapurl.php +++ b/mobile/shop/lg/mispwapurl.php @@ -2,7 +2,7 @@ // 해당 페이지는 사용자가 ISP{국민/BC) 카드 결제를 성공하였을 때, 사용자에게 보여지는 페이지입니다. include_once('./_common.php'); -$LGD_OID = $_GET['LGD_OID']; +$LGD_OID = clean_xss_tags($_GET['LGD_OID']); echo "LGD_OID = ".$LGD_OID; From bdcf17dfc253871a459fbcab47c5ad8d7a8df389 Mon Sep 17 00:00:00 2001 
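Review bot: The else branch should carry a comment stating why the rejected value is no longer reflected, since echoing `$kind` back was the XSS sink this report is about and a later edit could reintroduce it: `// do not reflect $kind in the message: it is attacker-controlled (reflected XSS, #167)`. The branch also relies on alert() terminating the request — presumably it does in this codebase, but its body is outside the hunk — otherwise `$unkind` stays undefined for the code below. Only the two literals 'recv' and 'send' are valid here, so a strict comparison (`$kind === 'recv'`) would state that intent and avoid loose-comparison surprises.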
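Review bot: clean_xss_tags() is a tag stripper, not an escaper for the HTML body context the value is echoed into on the next line, so escaping at the output is the durable fix: `echo "LGD_OID = ".htmlspecialchars($LGD_OID, ENT_QUOTES, 'UTF-8');`. The assignment also reads `$_GET['LGD_OID']` unguarded and will emit an undefined-index notice when the parameter is absent; `$LGD_OID = isset($_GET['LGD_OID']) ? $_GET['LGD_OID'] : '';` avoids that. If order ids have a fixed format (the name suggests the PG's order identifier), a preg_match() allow-list on that format would be stronger than stripping tags.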
From: kagla Date: Tue, 15 Mar 2022 15:19:59 +0900 Subject: [PATCH 3/8] =?UTF-8?q?Warning:=20Trying=20to=20access=20array=20o?= =?UTF-8?q?ffset=20on=20value=20of=20type=20null=20=EC=98=A4=EB=A5=98=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/settle_lg_common.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shop/settle_lg_common.php b/shop/settle_lg_common.php index cc2365782..21d6662c3 100644 --- a/shop/settle_lg_common.php +++ b/shop/settle_lg_common.php @@ -80,7 +80,7 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면 $result = false; - if($row['pp_id']) { + if(isset($row['pp_id']) && $row['pp_id']) { // 개인결제 UPDATE $sql = " update {$g5['g5_shop_personalpay_table']} set pp_receipt_price = '$LGD_AMOUNT', @@ -113,7 +113,7 @@ if ( $LGD_HASHDATA2 == $LGD_HASHDATA ) { //해쉬값 검증이 성공이면 } if($result) { - if($row['od_id']) + if(isset($row['od_id']) && $row['od_id']) $od_id = $row['od_id']; else $od_id = $LGD_OID; From af3b1b69d3dbc5553aa76fe27ec14cb1bde9ad74 Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 16 Mar 2022 16:04:56 +0900 Subject: [PATCH 4/8] =?UTF-8?q?Proxy=20=EC=84=9C=EB=B2=84=EB=82=98=20?= =?UTF-8?q?=EB=A1=9C=EB=93=9C=EB=B0=B8=EB=9F=B0=EC=84=9C=20=EB=93=B1?= =?UTF-8?q?=EC=97=90=EC=84=9C=EB=8A=94=20=EC=82=AC=EC=9A=A9=EC=9E=90?= =?UTF-8?q?=EC=9D=98=20IP=EA=B0=80=20REMOTE=5FADDR=20=EC=9D=B4=20=EC=95=84?= =?UTF-8?q?=EB=8B=8C=20HTTP=5FX=5FFORWARDED=5FFOR=20=EC=97=90=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=EB=90=9C=20=EA=B2=BD=EC=9A=B0=EA=B0=80=20=EC=9E=88?= =?UTF-8?q?=EC=9D=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/settle_inicis_common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shop/settle_inicis_common.php b/shop/settle_inicis_common.php index f885e7bf7..b3c63871e 100644 --- a/shop/settle_inicis_common.php +++ b/shop/settle_inicis_common.php 
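Review bot: `if (!empty($row['pp_id'])) {` expresses the new guard more idiomatically than the isset-and-truthy pair and avoids repeating the key. The condition worth documenting is that `$row` can be null at this point (the warning being silenced), meaning the lookup above the hunk matched no local record, yet processing continues inside the hash-verified block; a comment such as `// $row is null when no local record matched LGD_OID` would make that state visible. Incidentally, the enclosing `$LGD_HASHDATA2 == $LGD_HASHDATA` test shown in the hunk header is a loose string comparison; if both sides are digests, `hash_equals($LGD_HASHDATA2, $LGD_HASHDATA)` avoids type juggling on numeric-looking strings as well as timing leaks — that line itself is outside this hunk.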
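Review bot: When `$row` is null the fallback `$od_id = $LGD_OID;` takes the order id straight from the PG callback rather than from a record looked up locally, so this block proceeds for an id the shop never issued, and silencing the notice keeps that path reachable rather than closing it. If that is not intended, reject the notification when nothing matched instead of falling through, e.g. `if (empty($row)) { /* log and stop: no local order for LGD_OID */ }` before `$result` is evaluated (that code is above the hunk). If it is intended, `!empty($row['od_id'])` is the shorter form of the new guard and a one-line comment should say why an unmatched id is acceptable here.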
@@ -14,7 +14,7 @@ $INIpayLog = false; // 로그를 기록하려면 true 로 수 //********************************************************************************** -$PG_IP = $_SERVER['REMOTE_ADDR']; +$PG_IP = get_real_client_ip(); if( $PG_IP == "203.238.37.3" || $PG_IP == "203.238.37.15" || $PG_IP == "203.238.37.16" || $PG_IP == "203.238.37.25" || $PG_IP == "39.115.212.9" ) //PG에서 보냈는지 IP로 체크 { From d79c3be7baa108816899214d888669b3fe95bbbd Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 16 Mar 2022 16:07:13 +0900 Subject: [PATCH 5/8] =?UTF-8?q?SQL=20=EA=B5=AC=EB=AC=B8=20=EC=98=A4?= =?UTF-8?q?=EB=A5=98=20=ED=95=B4=EA=B2=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/write_update.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bbs/write_update.php b/bbs/write_update.php index f36c60add..32c87cd66 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -221,6 +221,9 @@ if (!isset($_POST['wr_subject']) || !trim($_POST['wr_subject'])) $wr_seo_title = exist_seo_title_recursive('bbs', generate_seo_title($wr_subject), $write_table, $wr_id); +$options = array($html,$secret,$mail); +$wr_option = implode(',', array_filter($options, function($v) { return trim($v); })); + if ($w == '' || $w == 'r') { if ($member['mb_id']) { @@ -258,7 +261,7 @@ if ($w == '' || $w == 'r') { wr_reply = '$wr_reply', wr_comment = 0, ca_name = '$ca_name', - wr_option = '$html,$secret,$mail', + wr_option = '$wr_option', wr_subject = '$wr_subject', wr_content = '$wr_content', wr_seo_title = '$wr_seo_title', @@ -380,7 +383,7 @@ if ($w == '' || $w == 'r') { $sql = " update {$write_table} set ca_name = '{$ca_name}', - wr_option = '{$html},{$secret},{$mail}', + wr_option = '{$wr_option}', wr_subject = '{$wr_subject}', wr_content = '{$wr_content}', wr_seo_title = '$wr_seo_title', From 8021ebadf9f7435b47a2c04a18e2008c3c667bd9 Mon Sep 17 00:00:00 2001 
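Review bot: Using get_real_client_ip() for the PG source-IP allow-list makes the check spoofable if that helper (its body is not in this diff) takes HTTP_X_FORWARDED_FOR at face value: any client can send `X-Forwarded-For: 203.238.37.3` and pass as the PG unless the proxy in front strips or overwrites that header. The forwarded address should only be trusted when REMOTE_ADDR is one of your own proxies, e.g. `$PG_IP = in_array($_SERVER['REMOTE_ADDR'], $trusted_proxies, true) ? get_real_client_ip() : $_SERVER['REMOTE_ADDR'];`, and when several addresses are forwarded, the one appended by your proxy (the rightmost), not the first, is the client. Either way the IP check should remain a secondary control behind the payment hash/signature verification, which is outside this hunk.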
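Review bot: The filter callback returns `trim($v)` and array_filter tests that string for truthiness, so an option whose trimmed value is `'0'` would be dropped along with empty ones; `$wr_option = implode(',', array_filter(array_map('trim', $options), 'strlen'));` keeps every non-empty token and reads more directly. The stored format also changes: the old value always had three comma-separated slots (`'html1,,'`), the new one omits empty slots (`'html1'`), so any consumer that splits wr_option by position rather than searching for a token would see a different layout — presumably readers test for tokens, but that is worth confirming. `$wr_option` is interpolated into the INSERT and UPDATE statements in the later hunks, which is only safe if $html, $secret and $mail are fixed tokens chosen above the hunk rather than raw request values.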
From: kagla Date: Wed, 16 Mar 2022 16:39:14 +0900 Subject: [PATCH 6/8] =?UTF-8?q?Proxy=20=EC=84=9C=EB=B2=84=EB=82=98=20?= =?UTF-8?q?=EB=A1=9C=EB=93=9C=EB=B0=B8=EB=9F=B0=EC=84=9C=20=EB=93=B1?= =?UTF-8?q?=EC=97=90=EC=84=9C=EB=8A=94=20HTTPS=20=EC=A0=91=EC=86=8D?= =?UTF-8?q?=EC=8B=9C=20HTTP=5FX=5FFORWARDED=5FPROTO=20=EB=A1=9C=20?= =?UTF-8?q?=EC=B2=B4=ED=81=AC=ED=95=B4=EC=95=BC=20=ED=95=98=EB=8A=94=20?= =?UTF-8?q?=EA=B2=BD=EC=9A=B0=EA=B0=80=20=EC=9E=88=EC=9D=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config.php b/config.php index 9c67d04f2..d8d72a5c3 100644 --- a/config.php +++ b/config.php @@ -229,7 +229,8 @@ define('G5_VISIT_BROWSCAP_USE', false); */ define('G5_IP_DISPLAY', '\\1.♡.\\3.\\4'); -if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') { //https 통신일때 daum 주소 js +if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') || + (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']==='https')) { //https 통신일때 daum 주소 js define('G5_POSTCODE_JS', ''); } else { //http 통신일때 daum 주소 js define('G5_POSTCODE_JS', ''); From ae6190116ffc8afaa7ac1497498196c3abaff58c Mon Sep 17 00:00:00 2001 From: kagla Date: Wed, 16 Mar 2022 17:20:31 +0900 Subject: [PATCH 7/8] =?UTF-8?q?height=20=EC=A4=91=EB=B3=B5=EC=84=A0?= =?UTF-8?q?=EC=96=B8=20=ED=95=B4=EA=B2=B0=20(=EB=83=A0=EB=83=A0=EC=9D=B4?= =?UTF-8?q?=EB=8B=98,220316)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- theme/basic/css/default.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/theme/basic/css/default.css b/theme/basic/css/default.css index 334b0b3c0..9efda9dce 100644 --- a/theme/basic/css/default.css +++ b/theme/basic/css/default.css 
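Review bot: HTTP_X_FORWARDED_PROTO is a client-supplied header, so the new clause treats any request carrying `X-Forwarded-Proto: https` as TLS whether or not a proxy set it; here that only switches which postcode script URL is defined, so the impact is limited, but the same test should not be copied for secure-cookie or redirect decisions without first checking that REMOTE_ADDR is a trusted proxy. The `$_SERVER['HTTPS']=='on'` half is also narrower than PHP's contract (non-empty and not 'off'), so `(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')` covers servers that set it to '1'. A short comment naming the assumption, e.g. `// X-Forwarded-Proto is only meaningful when the upstream proxy sets or overwrites it`, would keep that caveat next to the check.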
@@ -169,7 +169,7 @@ box-shadow:0 2px 5px rgba(0,0,0,0.2)} #container_wr {margin:0 auto;zoom:1} #aside {float:right;width:235px;padding:0;height:100%;margin:20px 0 20px 20px} -#container {position:relative;float:left;min-height:500px;height:auto !important;margin:20px 0;height:500px;font-size:1em;width:930px;zoom:1} +#container {position:relative;float:left;min-height:500px;height:auto !important;margin:20px 0;font-size:1em;width:930px;zoom:1} #container:after {display:block;visibility:hidden;clear:both;content:""} #container_title {font-size:1.333em;margin:0 auto;font-weight:bold} #container_title span {margin:0 auto 10px;display:block;line-height:30px} From 84a065c31b264611897d577338340dd87fb68ef6 Mon Sep 17 00:00:00 2001 From: kagla Date: Thu, 17 Mar 2022 11:17:22 +0900 Subject: [PATCH 8/8] =?UTF-8?q?host=20=EA=B0=80=20inicis.com=20=EC=9D=98?= =?UTF-8?q?=20=EC=A3=BC=EC=86=8C=EA=B0=80=20=EC=95=84=EB=8B=88=EB=9D=BC?= =?UTF-8?q?=EB=A9=B4=20false=20=EB=B0=98=ED=99=98,=20XSS=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=ED=95=B4=EA=B2=B0=20(03sunf=EB=8B=98,2203?= =?UTF-8?q?17)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- shop/inicis/libs/HttpClient.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/shop/inicis/libs/HttpClient.php b/shop/inicis/libs/HttpClient.php index 2799437cf..2179eb82e 100644 --- a/shop/inicis/libs/HttpClient.php +++ b/shop/inicis/libs/HttpClient.php @@ -32,6 +32,12 @@ class HttpClient { $data = substr($data, 1); // remove leading "&" $url_data = parse_url($url); + // host 가 inicis.com 의 주소가 아니라면 false 반환 + // [scheme] => https, [host] => fcstdpay.inicis.com, [path] => /api/payAuth + if (preg_match("#inicis\.com$#", $url_data["host"]) == false) { + // error_log(print_r($url_data, 1)); + return false; + } if ($url_data["scheme"] == "https") { $this->ssl = "ssl://";