firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

영카트 Reflected XSS 취약점 수정( 17-0558 )

Browse Source
This commit is contained in:
thisgun
2017-09-06 19:19:14 +09:00
parent a431225576
commit 9810fd7475
8 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
shop/bannerhit.php
View File

@ -1,6 +1,15 @@
<?php
include_once("./_common.php");
$bn_id = (int) $bn_id;
$sql = " select bn_id, bn_url from {$g5['g5_shop_banner_table']} where bn_id = '$bn_id' ";
$row = sql_fetch($sql);
if( ! $row['bn_id'] ){
alert('해당 배너가 존재하지 않습니다.', G5_SHOP_URL);
}
if ($_COOKIE['ck_bn_id'] != $bn_id)
{
$sql = " update {$g5['g5_shop_banner_table']} set bn_hit = bn_hit + 1 where bn_id = '$bn_id' ";
@ -9,5 +18,7 @@ if ($_COOKIE['ck_bn_id'] != $bn_id)
set_cookie("ck_bn_id", $bn_id, 60*60*24);
}
$url = clean_xss_tags($row['bn_url']);
goto_url($url);
?>