firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

관리자 페이지 원격 명령 실행 취약점 수정

Browse Source
This commit is contained in:
thisgun
2024-02-14 19:09:20 +09:00
parent 8d912e3511
commit 248cb2b173
7 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adm/board_copy_update.php
View File

@ -8,7 +8,7 @@ auth_check_menu($auth, $sub_menu, 'w');
check_admin_token();
$bo_table = isset($_POST['bo_table']) ? $_POST['bo_table'] : null;
$bo_table = isset($_POST['bo_table']) ? substr(preg_replace('/[^a-z0-9_]/i', '', $_POST['bo_table']), 0, 20) : null;
$target_table = isset($_POST['target_table']) ? trim($_POST['target_table']) : '';
$target_subject = isset($_POST['target_subject']) ? trim($_POST['target_subject']) : '';
@ -24,6 +24,8 @@ if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) {
alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)');
}
$target_table = substr(preg_replace('/[^a-z0-9_]/i', '', $target_table), 0, 20);
// 게시판명이 금지된 단어로 되어 있으면
if ($w == '' && in_array($target_table, get_bo_table_banned_word())) {
alert('입력한 게시판 TABLE명을 사용할수 없습니다. 다른 이름으로 입력해 주세요.');

6
adm/shop_admin/configformupdate.php
View File

@ -28,8 +28,8 @@ if ($_FILES['mobile_logo_img2']['name']) upload_file($_FILES['mobile_logo_img2']
$de_kcp_mid = isset($_POST['de_kcp_mid']) ? substr($_POST['de_kcp_mid'], 0, 3) : '';
$cf_icode_server_port = isset($cf_icode_server_port) ? preg_replace('/[^0-9]/', '', $cf_icode_server_port) : '7295';
$de_shop_skin = isset($_POST['de_shop_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_skin']) : 'basic';
$de_shop_mobile_skin = isset($_POST['de_shop_mobile_skin']) ? preg_replace('#\.+(\/|\\\)#', '', $_POST['de_shop_mobile_skin']) : 'basic';
$de_shop_skin = isset($_POST['de_shop_skin']) ? preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $_POST['de_shop_skin']) : 'basic';
$de_shop_mobile_skin = isset($_POST['de_shop_mobile_skin']) ? preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $_POST['de_shop_mobile_skin']) : 'basic';
$skins = get_skin_dir('shop');
@ -59,7 +59,7 @@ $de_shop_mobile_skin = in_array($de_shop_mobile_skin, $mobile_skins) ? $de_shop_
$check_skin_keys = array('de_type1_list_skin', 'de_type2_list_skin', 'de_type3_list_skin', 'de_type4_list_skin', 'de_type5_list_skin', 'de_mobile_type1_list_skin', 'de_mobile_type2_list_skin', 'de_mobile_type3_list_skin', 'de_mobile_type4_list_skin', 'de_mobile_type5_list_skin', 'de_rel_list_skin', 'de_mobile_rel_list_skin', 'de_search_list_skin', 'de_mobile_search_list_skin', 'de_listtype_list_skin', 'de_mobile_listtype_list_skin');
foreach($check_skin_keys as $key){
$$key = $_POST[$key] = isset($_POST[$key]) ? preg_replace('#\.+(\/|\\\)#', '', strip_tags($_POST[$key])) : '';
$$key = $_POST[$key] = isset($_POST[$key]) ? preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), strip_tags($_POST[$key])) : '';
if( isset($_POST[$key]) && preg_match('#\.+(\/|\\\)#', $_POST[$key]) ){
alert('스킨설정에 유효하지 문자가 포함되어 있습니다.');

4
adm/shop_admin/itemeventformupdate.php
View File

@ -41,8 +41,8 @@ if ($ev_mimg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_m");
if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
$ev_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_skin);
$ev_mobile_skin = preg_replace('#\.+(\/|\\\)#', '', $ev_mobile_skin);
$ev_skin = preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $ev_skin);
$ev_mobile_skin = preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $ev_mobile_skin);
$skin_regex_patten = "^list.[0-9]+\.skin\.php";

2
mobile/shop/event.php
View File

@ -33,7 +33,7 @@ else
$order_by = 'b.it_order, b.it_id desc';
if ($skin) {
$skin = preg_replace('#\.+(\/|\\\)#', '', $skin);
$skin = preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $skin);
$ev['ev_skin'] = $skin;
}

2
mobile/shop/lg/mispwapurl.php
View File

@ -2,7 +2,7 @@
// 해당 페이지는 사용자가 ISP{국민/BC) 카드 결제를 성공하였을 때, 사용자에게 보여지는 페이지입니다.
include_once('./_common.php');
$LGD_OID = clean_xss_tags($_GET['LGD_OID']);
$LGD_OID = clean_xss_tags($_GET['LGD_OID'], 1, 1);
echo "LGD_OID = ".$LGD_OID;

4
mobile/shop/orderinquiryview.php
View File

@ -1,5 +1,7 @@
<?php
include_once('./_common.php');
if (!defined("_GNUBOARD_")) exit; // 개별 페이지 접근 불가
$od_id = isset($_REQUEST['od_id']) ? safe_replace_regex($_REQUEST['od_id'], 'od_id') : '';
// 테마에 orderinquiryview.php 있으면 include
if(defined('G5_THEME_MSHOP_PATH')) {

2
shop/event.php
View File

@ -50,7 +50,7 @@ else
$order_by = 'b.it_order, b.it_id desc';
if ($skin) {
$skin = preg_replace('#\.+(\/|\\\)#', '', $skin);
$skin = preg_replace(array('#\.+(\/|\\\)#', '#[\'\"]#'), array('', ''), $skin);
$ev['ev_skin'] = $skin;
}