firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-0732 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-10-01 10:48:59 +09:00
parent 6025f10116
commit 7524d29188
3 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
adm/admin.lib.php
View File

@ -489,6 +489,19 @@ if (isset($stx)) $arr_query[] = 'stx='.$stx;
if (isset($page)) $arr_query[] = 'page='.$page;
$qstr = implode("&", $arr_query);
if ( isset($_REQUEST) && $_REQUEST ){
if( admin_referer_check(true) ){
foreach( $_REQUEST as $key=>$value ){
if( $value && preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die();
}
}
}
}
// 관리자에서는 추가 스크립트는 사용하지 않는다.
//$config['cf_add_script'] = '';
?>

16
adm/member_list_update.php
View File

@ -29,19 +29,19 @@ if ($_POST['act_button'] == "선택수정") {
$msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n';
} else {
if($_POST['mb_certify'][$k])
$mb_adult = $_POST['mb_adult'][$k];
$mb_adult = (int) $_POST['mb_adult'][$k];
else
$mb_adult = 0;
$sql = " update {$g5['member_table']}
set mb_level = '{$_POST['mb_level'][$k]}',
mb_intercept_date = '{$_POST['mb_intercept_date'][$k]}',
mb_mailling = '{$_POST['mb_mailling'][$k]}',
mb_sms = '{$_POST['mb_sms'][$k]}',
mb_open = '{$_POST['mb_open'][$k]}',
mb_certify = '{$_POST['mb_certify'][$k]}',
set mb_level = '".sql_real_escape_string($_POST['mb_level'][$k])."',
mb_intercept_date = '".sql_real_escape_string($_POST['mb_intercept_date'][$k])."',
mb_mailling = '".sql_real_escape_string($_POST['mb_mailling'][$k])."',
mb_sms = '".sql_real_escape_string($_POST['mb_sms'][$k])."',
mb_open = '".sql_real_escape_string($_POST['mb_open'][$k])."',
mb_certify = '".sql_real_escape_string($_POST['mb_certify'][$k])."',
mb_adult = '{$mb_adult}'
where mb_id = '{$_POST['mb_id'][$k]}' ";
where mb_id = '".sql_real_escape_string($_POST['mb_id'][$k])."' ";
sql_query($sql);
}
}

2
lib/common.lib.php
View File

@ -714,6 +714,8 @@ function get_group($gr_id)
function get_member($mb_id, $fields='*')
{
global $g5;
$mb_id = preg_replace("/[^0-9a-z_]+/i", "", $mb_id);
return sql_fetch(" select $fields from {$g5['member_table']} where mb_id = TRIM('$mb_id') ");
}