firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

OpenRediect 취약점 수정

Browse Source
This commit is contained in:
thisgun
2024-01-25 16:50:47 +09:00
parent cb6b39cb60
commit 15f2037790
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbs/logout.php
View File

@ -19,7 +19,7 @@ if ($url) {
if ( substr($url, 0, 2) == '//' ) if ( substr($url, 0, 2) == '//' )
$url = 'http:' . $url; $url = 'http:' . $url;
$p = @parse_url(urldecode($url)); $p = @parse_url(urldecode(str_replace('\\', '', $url)));
/* /*
// OpenRediect 취약점관련, PHP 5.3 이하버전에서는 parse_url 버그가 있음 ( Safflower 님 제보 ) 아래 url 예제 // OpenRediect 취약점관련, PHP 5.3 이하버전에서는 parse_url 버그가 있음 ( Safflower 님 제보 ) 아래 url 예제
// http://localhost/bbs/logout.php?url=http://sir.kr%23@/ // http://localhost/bbs/logout.php?url=http://sir.kr%23@/

3
lib/common.lib.php
View File

@ -3612,7 +3612,8 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
while ( ( $replace_url = preg_replace(array('/\/{2,}/', '/\\@/'), array('//', ''), urldecode($url)) ) != $url ) { while ( ( $replace_url = preg_replace(array('/\/{2,}/', '/\\@/'), array('//', ''), urldecode($url)) ) != $url ) {
$url = $replace_url; $url = $replace_url;
} }
$p = @parse_url(trim($url));
$p = @parse_url(trim(str_replace('\\', '', $url)));
$host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']); $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
$is_host_check = false; $is_host_check = false;