그누보드 CSRF 취약점(KVE-2017-0883,0884,0923) 수정

This commit is contained in:
thisgun
2017-12-12 11:59:10 +09:00
parent 7f9664af0a
commit 875a326344
5 changed files with 19 additions and 2 deletions


@ -10,6 +10,8 @@ if (!count($_POST['chk'])) {
auth_check($auth[$sub_menu], 'w');
check_admin_token();
if ($_POST['act_button'] == "선택수정") {
for ($i=0; $i<count($_POST['chk']); $i++)
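Review bot: The new `check_admin_token()` call sits correctly between the permission check and the `act_button` branch, but nothing records that this ordering is deliberate, and a later edit could move it into only one branch. A one-line comment would pin it: `// CSRF: validate the admin token before any state-changing branch below`. The loop that starts on the last line of the hunk continues outside it.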


@ -4,6 +4,8 @@ include_once('./_common.php');
if ($is_guest)
alert_close('회원만 이용하실 수 있습니다.');
set_session('ss_memo_delete_token', $token = uniqid(time()));
$g5['title'] = '내 쪽지함';
include_once(G5_PATH.'/head.sub.php');
@ -65,7 +67,7 @@ for ($i=0; $row=sql_fetch_array($result); $i++)
$list[$i]['send_datetime'] = $send_datetime;
$list[$i]['read_datetime'] = $read_datetime;
$list[$i]['view_href'] = './memo_view.php?me_id='.$row['me_id'].'&amp;kind='.$kind;
$list[$i]['del_href'] = './memo_delete.php?me_id='.$row['me_id'].'&amp;kind='.$kind;
$list[$i]['del_href'] = './memo_delete.php?me_id='.$row['me_id'].'&amp;token='.$token.'&amp;kind='.$kind;
}
include_once($member_skin_path.'/memo.skin.php');
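Review bot: The delete token created at `set_session('ss_memo_delete_token', $token = uniqid(time()))` in the first hunk is derived from the clock, and uniqid() is documented as not cryptographically secure, so the value is guessable rather than secret; the same construction appears in the qaview.php hunk. Prefer a CSPRNG for the token, e.g. `$token = bin2hex(random_bytes(16));` on PHP 7+, or openssl_random_pseudo_bytes() if the project still has to run on PHP 5. The token is also regenerated on every render of memo.php, which invalidates the delete links in any other open tab; if that single-use behaviour is intended, a short comment next to the set_session() call would make it explicit.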


@ -4,6 +4,12 @@ include_once('./_common.php');
if (!$is_member)
alert('회원만 이용하실 수 있습니다.');
$delete_token = get_session('ss_memo_delete_token');
set_session('ss_memo_delete_token', '');
if (!($token && $delete_token == $token))
alert('토큰 에러로 삭제 불가합니다.');
$me_id = (int)$_REQUEST['me_id'];
$sql = " select * from {$g5['memo_table']} where me_id = '{$me_id}' ";
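Review bot: The check `if (!($token && $delete_token == $token))` compares the session token with the request value using `==`, so PHP's loose-comparison rules apply (numeric-looking strings are compared as numbers and non-string values are coerced); the qadelete.php hunk has the same shape and the same fix applies there. Replace it with a strict, constant-time comparison: `if (!(is_string($token) && is_string($delete_token) && $token !== '' && hash_equals($delete_token, $token)))` (hash_equals() needs PHP 5.6+; use `===` if older versions must still be supported). `$token` is not assigned in the hunk and presumably comes from the request variables that _common.php registers, so the `is_string` guard also rejects an array-valued parameter. Clearing the session token before the check is good, as it keeps the token single-use.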


@ -4,6 +4,12 @@ include_once('./_common.php');
if($is_guest)
alert('회원이시라면 로그인 후 이용해 주십시오.', G5_URL);
$delete_token = get_session('ss_qa_delete_token');
set_session('ss_qa_delete_token', '');
if (!($token && $delete_token == $token))
alert('토큰 에러로 삭제 불가합니다.');
$tmp_array = array();
if ($qa_id) // 건별삭제
$tmp_array[0] = $qa_id;


@ -109,7 +109,8 @@ if(is_file($skin_file)) {
*/
if(($view['qa_type'] && $is_admin) || (!$view['qa_type'] && $view['qa_status'] == 0)) {
$update_href = G5_BBS_URL.'/qawrite.php?w=u&amp;qa_id='.$view['qa_id'].$qstr;
$delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$view['qa_id'].$qstr;
set_session('ss_qa_delete_token', $token = uniqid(time()));
$delete_href = G5_BBS_URL.'/qadelete.php?qa_id='.$view['qa_id'].'&amp;token='.$token.$qstr;
}
// 질문글이고 등록된 답변이 있다면