[KVE-2023-5525] 그누보드(영카트) lgxpay plugin XSS취약점 수정

thisgun
2023-12-04 18:16:20 +09:00
parent 5605b539f4
commit 5e1ab9c1e7


@ -38,8 +38,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
</head>
<body onload="setLGDResult()">
<?php
$LGD_RESPCODE = isset($_POST['LGD_RESPCODE']) ? $_POST['LGD_RESPCODE'] : '';
$LGD_RESPMSG = isset($_POST['LGD_RESPMSG']) ? iconv("EUC-KR", "UTF-8", $_POST['LGD_RESPMSG']) : '';
$LGD_RESPCODE = isset($_POST['LGD_RESPCODE']) ? clean_xss_tags($_POST['LGD_RESPCODE']) : '';
$LGD_RESPMSG = isset($_POST['LGD_RESPMSG']) ? clean_xss_tags(iconv("EUC-KR", "UTF-8", $_POST['LGD_RESPMSG'])) : '';
$LGD_AUTHONLYKEY = "";
$LGD_PAYTYPE = "";
@ -47,8 +47,8 @@ $payReqMap = $_SESSION['lgd_certify'];//결제 요청시, Session에 저장했
$payReqMap['LGD_RESPMSG'] = $LGD_RESPMSG;
if($LGD_RESPCODE == "0000"){
$payReqMap['LGD_AUTHONLYKEY'] = isset($_POST['LGD_AUTHONLYKEY']) ? $_POST['LGD_AUTHONLYKEY'] : '';
$payReqMap['LGD_PAYTYPE'] = isset($_POST['LGD_PAYTYPE']) ? $_POST['LGD_PAYTYPE'] : '';
$payReqMap['LGD_AUTHONLYKEY'] = isset($_POST['LGD_AUTHONLYKEY']) ? clean_xss_tags($_POST['LGD_AUTHONLYKEY']) : '';
$payReqMap['LGD_PAYTYPE'] = isset($_POST['LGD_PAYTYPE']) ? clean_xss_tags($_POST['LGD_PAYTYPE']) : '';
}
else{
echo "LGD_RESPCODE:" . $LGD_RESPCODE . " ,LGD_RESPMSG:" . $LGD_RESPMSG; //인증 실패에 대한 처리 로직 추가
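Review bot: The failure-branch `echo` at the end of the second hunk still writes `$LGD_RESPCODE` and `$LGD_RESPMSG` into the HTML response with no output encoding, so the fix depends entirely on `clean_xss_tags()` having been applied at input time. That helper is not defined on this page; if it filters tags rather than encoding, it will not be sufficient for every output context, and the values stored in `$payReqMap` may be rendered elsewhere (not visible here). Encoding at the sink is the more durable fix: `echo "LGD_RESPCODE:" . htmlspecialchars($LGD_RESPCODE, ENT_QUOTES, 'UTF-8') . " ,LGD_RESPMSG:" . htmlspecialchars($LGD_RESPMSG, ENT_QUOTES, 'UTF-8');`. Separately, `$LGD_RESPCODE == "0000"` is a loose comparison that PHP evaluates numerically for numeric strings, so a posted value such as `0` also takes the success branch; `===` would be stricter. The `if`/`else` block continues outside the hunk.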