firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2022-0120]그누보드_부적절한_권한_검증_취약점_수정

Browse Source
This commit is contained in:
thisgun
2022-06-15 16:11:06 +09:00
parent d8b6297579
commit bafa1c43bf
4 changed files with 22 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
plugin/inicert/ini_find_result.php
View File

@ -1,10 +1,10 @@
<?php
include_once('./_common.php');
$txId = $_POST['txId'];
$txId = isset($_POST['txId']) ? clean_xss_tags($_POST['txId'], 1, 1) : '';
$mid = substr($txId, 6, 10);
if ($_POST["resultCode"] === "0000") {
if ($txId && isset($_POST["resultCode"]) && $_POST["resultCode"] === "0000") {
$data = array(
'mid' => $mid,
@ -13,6 +13,12 @@ if ($_POST["resultCode"] === "0000") {
$post_data = json_encode($data);
$url_data = isset($_POST["authRequestUrl"]) ? @parse_url($_POST["authRequestUrl"]) : array();
if(!(isset($url_data["host"]) && preg_match("#\.inicis\.com$#", $url_data["host"]))){
alert('잘못된 요청입니다.', G5_URL);
}
// curl 통신 시작
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_POST["authRequestUrl"]);
@ -73,7 +79,7 @@ if ($_POST["resultCode"] === "0000") {
}
} else { // resultCode===0000 아닐경우 아래 인증 실패를 출력함
// 인증실패
alert_close('코드 : '.$_POST['resultCode'].' '.urldecode($_POST['resultMsg']));
alert_close('코드 : '.(isset($_POST['resultCode']) ? clean_xss_tags($_POST['resultCode'], 1, 1) : '').' '.(isset($_POST['resultMsg']) ? clean_xss_tags(urldecode($_POST['resultMsg']), 1, 1) : ''));
exit;
}
@ -81,7 +87,7 @@ $g5['title'] = 'KG이니시스 간편인증 결과';
include_once(G5_PATH.'/head.sub.php');
?>
<form name="mbFindForm" method="POST">
<input type="hidden" name="mb_id" value="<?php echo $row["mb_id"]; ?>">
<input type="hidden" name="mb_id" value="<?php echo isset($row["mb_id"]) ? get_text($row["mb_id"]) : ''; ?>">
</form>
<script>
jQuery(function($) {

2
plugin/inicert/ini_request.php
View File

@ -67,7 +67,7 @@ include_once(G5_PATH.'/head.sub.php');
<input type="hidden" name="userBirth" value="<?php echo $userBirth ?>">
<input type="hidden" name="userHash" value="<?php echo $userHash ?>">
<input type="hidden" name="mbId" value="<?php echo $member['mb_id'] ?>">
<input type="hidden" name="directAgency" value="<?php echo $_GET['directAgency']; ?>">
<input type="hidden" name="directAgency" value="<?php echo isset($_GET['directAgency']) ? clean_xss_tags($_GET['directAgency'], 1, 1) : ''; ?>">
<input type="hidden" name="successUrl" value="<?php echo $resultUrl; ?>"> <!-- 필수 값 -->
<input type="hidden" name="failUrl" value="<?php echo $resultUrl; ?>"> <!-- 필수 값 -->

12
plugin/inicert/ini_result.php
View File

@ -1,10 +1,10 @@
<?php
include_once('./_common.php');
$txId = $_POST['txId'];
$txId = isset($_POST['txId']) ? clean_xss_tags($_POST['txId'], 1, 1) : '';
$mid = substr($txId, 6, 10);
if ($_POST["resultCode"] === "0000") {
if ($txId && isset($_POST["resultCode"]) && $_POST["resultCode"] === "0000") {
$data = array(
'mid' => $mid,
@ -13,6 +13,12 @@ if ($_POST["resultCode"] === "0000") {
$post_data = json_encode($data);
$url_data = isset($_POST["authRequestUrl"]) ? @parse_url($_POST["authRequestUrl"]) : array();
if(!(isset($url_data["host"]) && preg_match("#\.inicis\.com$#", $url_data["host"]))){
alert('잘못된 요청입니다.', G5_URL);
}
// curl 통신 시작
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_POST["authRequestUrl"]);
@ -81,7 +87,7 @@ if ($_POST["resultCode"] === "0000") {
}
} else { // resultCode===0000 아닐경우 아래 인증 실패를 출력함
// 인증실패
alert_close('코드 : '.$_POST['resultCode'].' '.urldecode($_POST['resultMsg']));
alert_close('코드 : '.(isset($_POST['resultCode']) ? clean_xss_tags($_POST['resultCode'], 1, 1) : '').' '.(isset($_POST['resultMsg']) ? clean_xss_tags(urldecode($_POST['resultMsg']), 1, 1) : ''));
exit;
}