firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

KVE-2018-1987, 2019-0038 영카트 다중 취약점 수정

Browse Source
This commit is contained in:
thisgun
2019-01-28 16:22:50 +09:00
parent cc4f83c355
commit 9e502fdb18
8 changed files with 97 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
mobile/shop/inicis/settle_common.php
View File

@ -53,6 +53,13 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
$P_AUTH_NO = $_POST['P_AUTH_NO'];
$P_SRC_CODE = $_POST['P_SRC_CODE'];
include_once(G5_MSHOP_PATH.'/settle_inicis.inc.php');
if(! ($default['de_pg_service'] === 'inicis' && $default['de_inicis_mid'] === $P_MID)){
echo "FAIL";
return;
}
// 결과 incis log 테이블 기록
if($P_TYPE == 'BANK' || $P_SRC_CODE == 'A') {
@ -88,8 +95,6 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
if( !$exist_order['cnt'] ){
//주문정보를 insert 합니다.
include_once(G5_MSHOP_PATH.'/settle_inicis.inc.php');
$sql = " select * from {$g5['g5_shop_order_data_table']} where od_id = $P_OID ";
$od = sql_fetch($sql);
$data = unserialize(base64_decode($od['dt_data']));
@ -117,8 +122,6 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
}
}
extract($params);
$good_mny = $P_AMT;
$pp_name = clean_xss_tags($data['pp_name']);
$pp_email = clean_xss_tags($data['pp_email']);
@ -144,7 +147,7 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
if( !$order_id ){
echo "FAIL";
} else {
$sql = " delete from {$g5['g5_shop_inicis_log_table']} where (oid = '$P_OID' and P_TID = '$P_TID') OR substr(P_AUTH_DT, 1, 8) < '".date('Ymd', strtotime('-3 month', G5_SERVER_TIME))."' ";
$sql = " delete from {$g5['g5_shop_inicis_log_table']} where (oid = '$P_OID' and P_TID = '$P_TID') OR substr(P_AUTH_DT, 1, 8) < '".date('Ymd', strtotime('-1 month', G5_SERVER_TIME))."' ";
sql_query( $sql , false);
}
}
@ -211,8 +214,16 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
$_POST['P_VACT_BANK'] = $params['P_VACT_BANK'] = $PAY['P_FN_NM'];
$_POST['P_AUTH_NO'] = $params['P_AUTH_NO'] = $PAY['P_AUTH_NO'];
extract($params);
$check_keys = array('od_name', 'od_tel', 'od_pwd', 'od_hp', 'od_zip', 'od_addr1', 'od_addr2', 'od_addr3', 'od_addr_jibeon', 'od_email', 'ad_default', 'ad_subject', 'od_hope_date', 'od_b_name', 'od_b_tel', 'od_b_hp', 'od_b_zip', 'od_b_addr1', 'od_b_addr2', 'od_b_addr3', 'od_b_addr_jibeon', 'od_memo', 'od_settle_case', 'max_temp_point', 'od_temp_point', 'od_send_cost', 'od_send_cost2', 'od_bank_account', 'od_deposit_name', 'od_test', 'od_ip');
foreach($check_keys as $key){
$$key = isset($params[$key]) ? $params[$key] : '';
}
$od_send_cost = (int) $od_send_cost;
$od_send_cost2 = (int) $od_send_cost2;
$ad_default = (int) $ad_default;
if( $od['mb_id'] ){
$is_member = true;
$member = get_member($od['mb_id']);
@ -224,7 +235,7 @@ if($PGIP == "211.219.96.165" || $PGIP == "118.129.210.25" || $PGIP == "183.109.7
if( !$order_id ){
echo "FAIL";
} else {
$sql = " delete from {$g5['g5_shop_inicis_log_table']} where (oid = '$P_OID' and P_TID = '$P_TID') OR substr(P_AUTH_DT, 1, 8) < '".date('Ymd', strtotime('-3 month', G5_SERVER_TIME))."' ";
$sql = " delete from {$g5['g5_shop_inicis_log_table']} where (oid = '$P_OID' and P_TID = '$P_TID') OR substr(P_AUTH_DT, 1, 8) < '".date('Ymd', strtotime('-1 month', G5_SERVER_TIME))."' ";
sql_query( $sql , false);
}
}

15
mobile/shop/personalpayformupdate.php
View File

@ -21,10 +21,19 @@ $pp = sql_fetch($sql);
if(!$pp['pp_id'])
alert('개인결제 정보가 존재하지 않습니다.', G5_SHOP_URL.'/personalpay.php');
if($pp['pp_tno'])
alert('이미 결제하신 개인결제 내역입니다.', G5_SHOP_URL);
$hash_data = md5($_POST['pp_id'].$_POST['good_mny'].$pp['pp_time']);
if($pp['pp_tno']){
if( $default['de_pg_service'] == 'inicis' && ($_POST['pp_id'] === get_session('ss_personalpay_id') && $hash_data === get_session('ss_personalpay_hash')) ){
$uid = md5($pp['pp_id'].$pp['pp_time'].$_SERVER['REMOTE_ADDR']);
set_session('ss_personalpay_uid', $uid);
goto_url(G5_SHOP_URL.'/personalpayresult.php?pp_id='.$pp['pp_id'].'&amp;uid='.$uid);
} else {
alert('이미 결제하신 개인결제 내역입니다.', G5_SHOP_URL);
}
}
if($_POST['pp_id'] != get_session('ss_personalpay_id') || $hash_data != get_session('ss_personalpay_hash'))
die('개인결제 정보가 올바르지 않습니다.');