KVE-2018-0289, 0290, 0291, 0292, 0293 영카트, 그누보드 취약점 수정

2018-05-14 16:54:05 +09:00
parent da26d2d020
commit c0fcd3a1ed
12 changed files with 296 additions and 13 deletions
--- a/adm/contentform.php
+++ b/adm/contentform.php
@ -126,6 +126,22 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');
            <input type="text" name="co_include_tail" value="<?php echo $co['co_include_tail']; ?>" id="co_include_tail" class="frm_input" size="60">
        </td>
    </tr>
+    <tr id="admin_captcha_box" style="display:none;">
+        <th scope="row">자동등록방지</th>
+        <td>
+            <?php
+            echo help("파일 경로를 입력 또는 수정시 캡챠를 반드시 입력해야 합니다.");
+
+            include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
+            $captcha_html = captcha_html();
+            $captcha_js   = chk_captcha_js();
+            echo $captcha_html;
+            ?>
+            <script>
+            jQuery("#captcha_key").removeAttr("required").removeClass("required");
+            </script>
+        </td>
+    </tr>
    <tr>
        <th scope="row"><label for="co_himg">상단이미지</label></th>
        <td>
@ -185,7 +201,56 @@ include_once (G5_ADMIN_PATH.'/admin.head.php');

 </form>

+<?php
+// [KVE-2018-2089] 취약점 으로 인해 파일 경로 수정시에만 자동등록방지 코드 사용
+?>
 <script>
+var captcha_chk = false;
+
+function use_captcha_check(){
+    $.ajax({
+        type: "POST",
+        url: g5_admin_url+"/ajax.use_captcha.php",
+        data: { admin_use_captcha: "1" },
+        cache: false,
+        async: false,
+        dataType: "json",
+        success: function(data) {
+        }
+    });
+}
+
+function frm_check_file(){
+    var co_include_head = "<?php echo $co['co_include_head']; ?>";
+    var co_include_tail = "<?php echo $co['co_include_tail']; ?>";
+    var head = jQuery.trim(jQuery("#co_include_head").val());
+    var tail = jQuery.trim(jQuery("#co_include_tail").val());
+
+    if(co_include_head !== head || co_include_tail !== tail){
+        // 캡챠를 사용합니다.
+        jQuery("#admin_captcha_box").show();
+        captcha_chk = true;
+
+        use_captcha_check();
+
+        return false;
+    } else {
+        jQuery("#admin_captcha_box").hide();
+    }
+
+    return true;
+}
+
+jQuery(function($){
+    if( window.self !== window.top ){   // frame 또는 iframe을 사용할 경우 체크
+        $("#co_include_head, #co_include_tail").on("change paste keyup", function(e) {
+            frm_check_file();
+        });
+
+        use_captcha_check();
+    }
+});
+
 function frmcontentform_check(f)
 {
    errmsg = "";
@ -204,6 +269,11 @@ function frmcontentform_check(f)
        errfld.focus();
        return false;
    }
+    
+    if( captcha_chk ) {
+        <?php echo $captcha_js; // 캡챠 사용시 자바스크립트에서 입력된 캡챠를 검사함  ?>
+    }
+
    return true;
 }
 </script>