firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

그누보드 관리자 페이지 SQL Injection 취약점 수정

Browse Source
This commit is contained in:
thisgun
2018-03-19 10:24:24 +09:00
parent cfc85a327b
commit c665cc0557
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
adm/auth_list_delete.php
View File

@ -9,17 +9,24 @@ if ($is_admin != 'super')
check_admin_token();
$count = count($_POST['chk']);
$count = (isset($_POST['chk']) && is_array($_POST['chk'])) ? count($_POST['chk']) : 0;
if (!$count)
alert($_POST['act_button']." 하실 항목을 하나 이상 체크하세요.");
if ( (isset($_POST['mb_id']) && ! is_array($_POST['mb_id'])) || (isset($_POST['au_menu']) && ! is_array($_POST['au_menu'])) ){
alert("잘못된 요청입니다.");
}
for ($i=0; $i<$count; $i++)
{
// 실제 번호를 넘김
$k = $chk[$i];
$mb_id = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['mb_id'][$k]);
$au_menu = preg_replace('/[^a-zA-Z0-9_]/', '', $_POST['au_menu'][$k]);
$sql = " delete from {$g5['auth_table']} where mb_id = '{$_POST['mb_id'][$k]}' and au_menu = '{$_POST['au_menu'][$k]}' ";
$sql = " delete from {$g5['auth_table']} where mb_id = '".$mb_id."' and au_menu = '".$au_menu."' ";
sql_query($sql);
}