From 32924003b97a570da185e117267354c22ef38042 Mon Sep 17 00:00:00 2001 From: thisgun Date: Tue, 19 Mar 2019 12:29:24 +0900 Subject: [PATCH 01/13] =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=99=98?= =?UTF-8?q?=EA=B2=BD=EC=84=A4=EC=A0=95=20=EC=97=AC=EB=B6=84=ED=95=84?= =?UTF-8?q?=EB=93=9C=20style=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form.php | 2 +- adm/css/admin.css | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/adm/config_form.php b/adm/config_form.php index 1193a7b7f..738e0cdea 100644 --- a/adm/config_form.php +++ b/adm/config_form.php @@ -1317,7 +1317,7 @@ if ($config['cf_sms_use'] && $config['cf_icode_id'] && $config['cf_icode_pw']) { - + diff --git a/adm/css/admin.css b/adm/css/admin.css index ed58130fd..f378a79b4 100644 --- a/adm/css/admin.css +++ b/adm/css/admin.css @@ -403,8 +403,8 @@ tfoot th {} #anc_bo_extra label {display:inline-block;width:100px} #anc_bo_extra input {margin-right:10px} -/* 게시판 여분필드 값 input style 로빈아빠님 제안 */ -#anc_bo_extra input.extra-value-input {width:calc(100% - 370px);} +/* 환경설정 및 게시판 여분필드 값 input style 로빈아빠님 제안 */ +#anc_bo_extra input.extra-value-input, #anc_cf_extra input.extra-value-input{width:calc(100% - 370px);} /* 접속자집계 목록 */ .tbl_visit_list td {text-align:center} From 6e89aff24f60cf50ccfb7ca0353e267473d17b32 Mon Sep 17 00:00:00 2001 From: thisgun Date: Mon, 1 Apr 2019 11:15:51 +0900 Subject: [PATCH 02/13] =?UTF-8?q?=EC=9E=98=EB=AA=BB=EB=90=9C=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/view_image.php | 4 ++-- skin/latest/basic/latest.skin.php | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/bbs/view_image.php b/bbs/view_image.php index 196df9f4c..c7a7edca7 100644 --- a/bbs/view_image.php +++ b/bbs/view_image.php 
@@ -12,10 +12,10 @@ if ( ! preg_match('/(jpg|jpeg|png|gif|bmp)$/i', $extension) ){ alert_close('이미지 확장자가 아닙니다.'); } -if(strpos($filename, 'data/editor')) { +if(strpos($filename, G5_DATA_DIR.'/editor')) { $editor_file = strstr($filename, 'editor'); $filepath = G5_DATA_PATH.'/'.$editor_file; -} else if(strpos($filename, 'data/qa')) { +} else if(strpos($filename, G5_DATA_DIR.'/qa')) { $editor_file = strstr($filename, 'qa'); $filepath = G5_DATA_PATH.'/'.$editor_file; } else { diff --git a/skin/latest/basic/latest.skin.php b/skin/latest/basic/latest.skin.php index 1c1a60698..cd7d11efd 100644 --- a/skin/latest/basic/latest.skin.php +++ b/skin/latest/basic/latest.skin.php @@ -3,7 +3,6 @@ if (!defined('_GNUBOARD_')) exit; // 개별 페이지 접근 불가 // add_stylesheet('css 구문', 출력순서); 숫자가 작을 수록 먼저 출력됨 add_stylesheet('', 0); -add_javascript('', 10); ?>
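Review bot: `if(strpos($filename, G5_DATA_DIR.'/editor'))` still tests the strpos result for truthiness, so a match at offset 0 is treated as no match and the request drops into the else branch; the `/qa` branch on the next changed line has the same problem. Compare explicitly: `if(strpos($filename, G5_DATA_DIR.'/editor') !== false) {` and `} else if(strpos($filename, G5_DATA_DIR.'/qa') !== false) {`. Separately, `strstr($filename, 'editor')` keeps everything after the first `editor`, including any `..` segments that follow it, before it is joined to G5_DATA_PATH, so unless a line above this hunk already rejects such segments, `$filepath` should be resolved with realpath() and checked to lie under G5_DATA_PATH before use. The if/else chain continues past the end of the hunk.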
From 83d7e1a586c3b574364040b983e2b58ae0739bdb Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 12 Apr 2019 10:53:43 +0900 Subject: [PATCH 03/13] =?UTF-8?q?=ED=9A=8C=EC=9B=90=EC=A0=95=EB=B3=B4=20?= =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=EC=97=90=EC=84=9C=20=ED=9A=8C?= =?UTF-8?q?=EC=9B=90=20=EC=B6=94=EA=B0=80=EC=8B=9C=20=EC=95=84=EC=9D=B4?= =?UTF-8?q?=EC=BD=98=20=EC=9D=B4=EB=AF=B8=EC=A7=80=EA=B0=80=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=20=EC=95=88=EB=90=98=EB=8A=94=20=EC=98=A4=EB=A5=98=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/member_form_update.php | 41 ++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 01975c8ec..c6791d254 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php @@ -120,6 +120,28 @@ else if ($w == 'u') if ($row['mb_id']) alert('이미 존재하는 이메일입니다.\\nID : '.$row['mb_id'].'\\n이름 : '.$row['mb_name'].'\\n닉네임 : '.$row['mb_nick'].'\\n메일 : '.$row['mb_email']); + if ($mb_password) + $sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' "; + else + $sql_password = ""; + + if ($passive_certify) + $sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' "; + else + $sql_certify = ""; + + $sql = " update {$g5['member_table']} + set {$sql_common} + {$sql_password} + {$sql_certify} + where mb_id = '{$mb_id}' "; + sql_query($sql); +} +else + alert('제대로 된 값이 넘어오지 않았습니다.'); + +if( $w == '' || $w == 'u' ){ + $mb_dir = substr($mb_id,0,2); // 회원 아이콘 삭제 
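Review bot: `where mb_id = '{$mb_id}'` interpolates `$mb_id` into the update without a visible escape, while the series escapes comparable fields with `sql_real_escape_string` (adm/board_list_update.php); unless `$mb_id` is already restricted to a safe character set above line 120, write `where mb_id = '".sql_real_escape_string($mb_id)."' ";`. The same `$mb_id` is used as a directory name in `$mb_dir = substr($mb_id,0,2);`, so a character allowlist at the top of the script would cover both uses. The moved `else alert(...)` relies on alert() ending the request; if it does not, the new `if( $w == '' || $w == 'u' )` block below would run with an unvalidated `$w`. The if/else chain this hunk extends starts outside the hunk.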
@@ -212,26 +234,7 @@ else if ($w == 'u') } } } - - if ($mb_password) - $sql_password = " , mb_password = '".get_encrypt_string($mb_password)."' "; - else - $sql_password = ""; - - if ($passive_certify) - $sql_certify = " , mb_email_certify = '".G5_TIME_YMDHIS."' "; - else - $sql_certify = ""; - - $sql = " update {$g5['member_table']} - set {$sql_common} - {$sql_password} - {$sql_certify} - where mb_id = '{$mb_id}' "; - sql_query($sql); } -else - alert('제대로 된 값이 넘어오지 않았습니다.'); goto_url('./member_form.php?'.$qstr.'&w=u&mb_id='.$mb_id, false); ?> \ No newline at end of file From 77ea93d50f42ac0ad356fb5cd40bc76c0c1bafad Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 3 May 2019 09:59:53 +0900 Subject: [PATCH 04/13] =?UTF-8?q?=EB=8B=A4=EC=9A=B4=EB=A1=9C=EB=93=9C=20?= =?UTF-8?q?=EA=B6=8C=ED=95=9C=EC=9D=B4=20=EC=97=86=EC=9D=84=EC=8B=9C=20?= =?UTF-8?q?=EB=82=98=EC=98=A4=EB=8A=94=20=EB=A9=94=EC=8B=9C=EC=A7=80=20?= =?UTF-8?q?=EC=B6=9C=EB=A0=A5=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/download.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bbs/download.php b/bbs/download.php index 575f8571f..5a316d701 100644 --- a/bbs/download.php +++ b/bbs/download.php 
@@ -25,8 +25,12 @@ if (!$file['bf_file']) // JavaScript 불가일 때 if($js != 'on' && $board['bo_download_point'] < 0) { $msg = $file['bf_source'].' 파일을 다운로드 하시면 포인트가 차감('.number_format($board['bo_download_point']).'점)됩니다.\\n포인트는 게시물당 한번만 차감되며 다음에 다시 다운로드 하셔도 중복하여 차감하지 않습니다.\\n그래도 다운로드 하시겠습니까?'; - $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING']).'&js=on'; + $url1 = G5_BBS_URL.'/download.php?'.clean_query_string($_SERVER['QUERY_STRING'], false).'&js=on'; $url2 = clean_xss_tags($_SERVER['HTTP_REFERER']); + + if( $url2 && stripos($url2, $_SERVER['REQUEST_URI']) !== false ){ + $url2 = G5_BBS_URL.'/board.php?'.clean_query_string($_SERVER['QUERY_STRING'], false); + } //$url1 = 확인link, $url2=취소link // 특정주소로 이동시키려면 $url3 이용 From 1655e76d04db03701a2583fd99d7392de1376f10 Mon Sep 17 00:00:00 2001 From: thisgun Date: Fri, 3 May 2019 10:24:18 +0900 Subject: [PATCH 05/13] =?UTF-8?q?=EA=B0=A4=EB=9F=AC=EB=A6=AC=EC=8A=A4?= =?UTF-8?q?=ED=82=A8=EC=97=90=EC=84=9C=20=EB=B9=A0=EC=A7=84=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- skin/board/gallery/list.skin.php | 2 +- theme/basic/skin/board/gallery/list.skin.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/skin/board/gallery/list.skin.php b/skin/board/gallery/list.skin.php index 36b32bfbe..3ce791234 100644 --- a/skin/board/gallery/list.skin.php +++ b/skin/board/gallery/list.skin.php @@ -128,7 +128,7 @@ add_stylesheet('', 0
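Review bot: `$url2` is built from `$_SERVER['HTTP_REFERER']`, which the client controls, and the new `stripos` check only replaces it when it refers back to the current request; `clean_xss_tags` removes markup but does not constrain the host, so the cancel link can still point at an arbitrary external site. The series applies `check_url_host($url)` to a user-supplied redirect target in bbs/login.php; the same call after the new block, `check_url_host($url2);`, or falling back to the board URL whenever `$url2` does not start with G5_URL, would keep the cancel link on this site (assuming check_url_host rejects or exits on a foreign host, which its definition outside this page would confirm). `$_SERVER['HTTP_REFERER']` may also be absent, in which case clean_xss_tags receives null; `isset($_SERVER['HTTP_REFERER']) ? clean_xss_tags($_SERVER['HTTP_REFERER']) : ''` avoids the notice. The enclosing if block continues past the hunk.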
- 작성자 + 작성자
조회 diff --git a/theme/basic/skin/board/gallery/list.skin.php b/theme/basic/skin/board/gallery/list.skin.php index 3795ce0c6..3ce791234 100644 --- a/theme/basic/skin/board/gallery/list.skin.php +++ b/theme/basic/skin/board/gallery/list.skin.php @@ -128,7 +128,7 @@ add_stylesheet('', 0
- 작성자 + 작성자
조회 From e234b990ec07e23ab739dc7a3f3cb557d6dc1687 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 16 May 2019 15:36:24 +0900 Subject: [PATCH 06/13] =?UTF-8?q?PHP=EB=AC=B8=EB=B2=95=EC=97=90=20?= =?UTF-8?q?=EB=A7=9E=EC=A7=80=20=EC=95=8A=EB=8A=94=20=EC=BD=94=EB=93=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugin/sms5/sms5.lib.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin/sms5/sms5.lib.php b/plugin/sms5/sms5.lib.php index 6f872e300..da8f530e1 100644 --- a/plugin/sms5/sms5.lib.php +++ b/plugin/sms5/sms5.lib.php @@ -164,8 +164,8 @@ if($config['cf_sms_type'] == 'LMS') { } function Init() { - $this->Data = ""; // 발송하기 위한 패킷내용이 배열로 들어간다. - $this->Result = ""; // 발송결과값이 배열로 들어간다. + $this->Data = array(); // 발송하기 위한 패킷내용이 배열로 들어간다. + $this->Result = array(); // 발송결과값이 배열로 들어간다. } function Add($strDest, $strCallBack, $strCaller, $strSubject, $strURL, $strData, $strDate="", $nCount) { @@ -260,7 +260,7 @@ if($config['cf_sms_type'] == 'LMS') { $this->Result[] = "$phone:$code"; $this->Log[] = $puts; } - $this->Data = ""; + $this->Data = array(); return true; exit; } @@ -284,7 +284,7 @@ if($config['cf_sms_type'] == 'LMS') { } fclose($fsocket); - $this->Data = ""; + $this->Data = array(); return true; } } @@ -431,7 +431,7 @@ if($config['cf_sms_type'] == 'LMS') { $this->Result[] = "$phone:$code"; $this->Log[] = $puts; } - $this->Data = ""; + $this->Data = array(); return true; exit; } @@ -463,7 +463,7 @@ if($config['cf_sms_type'] == 'LMS') { if ($count++%1000 == 0) sleep(5); } fclose($fsocket); - $this->Data = ""; + $this->Data = array(); return true; } } From 18d4a60e035cc578e979a6f4a0b42477ddb7f032 Mon Sep 17 00:00:00 2001 
From: thisgun Date: Fri, 24 May 2019 10:44:48 +0900 Subject: [PATCH 07/13] =?UTF-8?q?[KVE-2019-0688,0689,0691,0694,0708,0709,0?= =?UTF-8?q?750,0762,0791,0802,0846]=20=EA=B7=B8=EB=88=84=EB=B3=B4=EB=93=9C?= =?UTF-8?q?,=EC=98=81=EC=B9=B4=ED=8A=B8=20=EB=8B=A4=EC=A4=91=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_list_update.php | 24 ++++++++++++------------ adm/contentform.php | 4 ++-- head.sub.php | 3 +++ lib/common.lib.php | 4 ++-- plugin/okname/hpcert1.php | 10 ++++++++-- plugin/okname/hpcert2.php | 10 ++++++++-- plugin/okname/ipin1.php | 10 ++++++++-- plugin/okname/ipin2.php | 10 ++++++++-- theme/basic/head.sub.php | 3 +++ 9 files changed, 54 insertions(+), 24 deletions(-) diff --git a/adm/board_list_update.php b/adm/board_list_update.php index 90a1c5d33..a7f358c1f 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php 
@@ -30,18 +30,18 @@ if ($_POST['act_button'] == "선택수정") { } $sql = " update {$g5['board_table']} - set gr_id = '".sql_real_escape_string($_POST['gr_id'][$k])."', - bo_subject = '".sql_real_escape_string($_POST['bo_subject'][$k])."', - bo_device = '".sql_real_escape_string($_POST['bo_device'][$k])."', - bo_skin = '".sql_real_escape_string($_POST['bo_skin'][$k])."', - bo_mobile_skin = '".sql_real_escape_string($_POST['bo_mobile_skin'][$k])."', - bo_read_point = '".sql_real_escape_string($_POST['bo_read_point'][$k])."', - bo_write_point = '".sql_real_escape_string($_POST['bo_write_point'][$k])."', - bo_comment_point = '".sql_real_escape_string($_POST['bo_comment_point'][$k])."', - bo_download_point = '".sql_real_escape_string($_POST['bo_download_point'][$k])."', - bo_use_search = '".sql_real_escape_string($_POST['bo_use_search'][$k])."', - bo_use_sns = '".sql_real_escape_string($_POST['bo_use_sns'][$k])."', - bo_order = '".sql_real_escape_string($_POST['bo_order'][$k])."' + set gr_id = '".sql_real_escape_string(strip_tags($_POST['gr_id'][$k]))."', + bo_subject = '".sql_real_escape_string(strip_tags($_POST['bo_subject'][$k]))."', + bo_device = '".sql_real_escape_string(strip_tags($_POST['bo_device'][$k]))."', + bo_skin = '".sql_real_escape_string(strip_tags($_POST['bo_skin'][$k]))."', + bo_mobile_skin = '".sql_real_escape_string(strip_tags($_POST['bo_mobile_skin'][$k]))."', + bo_read_point = '".sql_real_escape_string(strip_tags($_POST['bo_read_point'][$k]))."', + bo_write_point = '".sql_real_escape_string(strip_tags($_POST['bo_write_point'][$k]))."', + bo_comment_point = '".sql_real_escape_string(strip_tags($_POST['bo_comment_point'][$k]))."', + bo_download_point = '".sql_real_escape_string(strip_tags($_POST['bo_download_point'][$k]))."', + bo_use_search = '".sql_real_escape_string(strip_tags($_POST['bo_use_search'][$k]))."', + bo_use_sns = '".sql_real_escape_string(strip_tags($_POST['bo_use_sns'][$k]))."', + bo_order = 
'".sql_real_escape_string(strip_tags($_POST['bo_order'][$k]))."' where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."' "; sql_query($sql); diff --git a/adm/contentform.php b/adm/contentform.php index 6217e4603..133f36e2e 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -86,11 +86,11 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); 내용 - + 모바일 내용 - + diff --git a/head.sub.php b/head.sub.php index 020900ea2..991d51727 100644 --- a/head.sub.php +++ b/head.sub.php @@ -19,6 +19,9 @@ else { $g5_head_title .= " | ".$config['cf_title']; } +$g5['title'] = strip_tags(get_text($g5['title'])); +$g5_head_title = strip_tags(get_text($g5_head_title)); + // 현재 접속자 // 게시판 제목에 ' 포함되면 오류 발생 $g5['lo_location'] = addslashes($g5['title']); diff --git a/lib/common.lib.php b/lib/common.lib.php index d4197e468..a1abcb54b 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -3416,7 +3416,7 @@ function get_head_title($title){ global $g5; if( isset($g5['board_title']) && $g5['board_title'] ){ - $title = $g5['board_title']; + $title = strip_tags(get_text($g5['board_title'])); } return $title; @@ -3547,7 +3547,7 @@ function is_include_path_check($path='', $is_input='') if( preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) ){ return false; } - if( preg_match('/\.\.\//i', $replace_path) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){ + if( (preg_match('/\.\.\//i', $replace_path) || preg_match('/^\/.*/i', $replace_path)) && preg_match('/plugin\//i', $replace_path) && preg_match('/okname\//i', $replace_path) ){ return false; } } diff --git a/plugin/okname/hpcert1.php b/plugin/okname/hpcert1.php index 45c64bd8f..d81aaeb73 100644 --- a/plugin/okname/hpcert1.php +++ b/plugin/okname/hpcert1.php 
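Review bot: Wrapping each field in `strip_tags` before `sql_real_escape_string` makes the update statement the XSS boundary, but strip_tags leaves quotes and entities untouched and the stored values still need encoding where they are rendered. For the point and order columns an `(int)` cast is a tighter check than strip_tags, e.g. `bo_read_point = '".(int)$_POST['bo_read_point'][$k]."',`, and for `gr_id`, `bo_skin`, `bo_mobile_skin` and `board_table` a character allowlist like the `preg_replace('/[^a-z0-9_]/i', '', ...)` this series applies to `$co_id` in adm/contentformupdate.php is more appropriate if these values are later used as identifiers or directory names (not visible here). `where bo_table = '".sql_real_escape_string($_POST['board_table'][$k])."'` on the next line is the one field left without strip_tags, which reads as an oversight if strip_tags is the intended policy. The surrounding foreach and if start outside the hunk.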
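Review bot: The new absolute-path test `preg_match('/^\/.*/i', $replace_path)` is only consulted when the path also matches `plugin/` and `okname/`, so an absolute or `../` path that does not name the okname plugin still passes this branch; the `/data/...` regex above it covers only the listed data subdirectories. If the goal is to block traversal and absolute includes in general, let that test stand on its own — `if( preg_match('/\.\.\//', $replace_path) || preg_match('/^\//', $replace_path) ){ return false; }` — and keep the okname condition only if some plugin paths must remain reachable; a realpath() comparison of the resolved include against the site root is more robust than pattern matching on the raw string. `$replace_path` may already have the site root stripped above this hunk, which would change what `^/` means here; worth confirming. The rest of the function is outside the hunk.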
@@ -1,8 +1,14 @@ Date: Mon, 27 May 2019 09:39:13 +0900 Subject: [PATCH 08/13] =?UTF-8?q?KVE-2019-0828=20=EA=B7=B8=EB=88=84?= =?UTF-8?q?=EB=B3=B4=EB=93=9C=20XSS=20=EC=B7=A8=EC=95=BD=EC=A0=90=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/contentform.php | 2 ++ adm/contentformupdate.php | 1 + bbs/content.php | 2 ++ 3 files changed, 5 insertions(+) diff --git a/adm/contentform.php b/adm/contentform.php index 133f36e2e..4abe574d9 100644 --- a/adm/contentform.php +++ b/adm/contentform.php @@ -104,6 +104,7 @@ include_once (G5_ADMIN_PATH.'/admin.head.php'); + diff --git a/adm/contentformupdate.php b/adm/contentformupdate.php index 69f82f0b0..d9c699b57 100644 --- a/adm/contentformupdate.php +++ b/adm/contentformupdate.php @@ -24,6 +24,7 @@ $co_id = preg_replace('/[^a-z0-9_]/i', '', $co_id); $co_subject = strip_tags($co_subject); $co_include_head = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_head, 0, 255)); $co_include_tail = preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($co_include_tail, 0, 255)); +$co_tag_filter_use = isset($_POST['co_tag_filter_use']) ? (int) $_POST['co_tag_filter_use'] : 1; // 관리자가 자동등록방지를 사용해야 할 경우 if (($co_row['co_include_head'] !== $co_include_head || $co_row['co_include_tail'] !== $co_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()){ diff --git a/bbs/content.php b/bbs/content.php index 366e11e54..fb19fd7e3 100644 --- a/bbs/content.php +++ b/bbs/content.php @@ -26,6 +26,8 @@ if ($co['co_include_head'] && is_include_path_check($co['co_include_head'])) else include_once('./_head.php'); +// KVE-2019-0828 취약점 내용 +$co['co_tag_filter_use'] = 1; $str = conv_content($co['co_content'], $co['co_html'], $co['co_tag_filter_use']); // $src 를 $dst 로 변환 From 9773c13d5d788eaac51b2aa151eb2973dbd1ee3d Mon Sep 17 00:00:00 2001 
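Review bot: `$co['co_tag_filter_use'] = 1;` overwrites the value just loaded from the database immediately before `conv_content` reads it, so the `co_tag_filter_use` setting that adm/contentformupdate.php now stores from the form has no effect on this page. If forcing the filter on is the intended KVE-2019-0828 mitigation, say so in the comment — `// KVE-2019-0828: always run the tag filter on content pages; the stored co_tag_filter_use setting is deliberately ignored here` — and consider hiding or removing the form field, which otherwise promises a choice that is not honoured. If the setting is meant to be honoured, drop the assignment and normalise the loaded value to 0/1 instead.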
From: thisgun Date: Tue, 28 May 2019 11:57:58 +0900 Subject: [PATCH 09/13] =?UTF-8?q?KVE-2019-0724=20=EC=B7=A8=EC=95=BD?= =?UTF-8?q?=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/admin.lib.php | 2 +- extend/sms5.extend.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/adm/admin.lib.php b/adm/admin.lib.php index ececd06ab..3c99546d9 100644 --- a/adm/admin.lib.php +++ b/adm/admin.lib.php @@ -477,7 +477,7 @@ function admin_check_xss_params($params){ if( is_array($value) ){ admin_check_xss_params($value); - } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/onload=.*/ius', $value)) ){ + } else if ( preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && (preg_match('/script.*?\/script/ius', $value) || preg_match('/[onload|onerror]=.*/ius', $value)) ){ alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.'); die(); } diff --git a/extend/sms5.extend.php b/extend/sms5.extend.php index eee1022ef..dbef097cf 100644 --- a/extend/sms5.extend.php +++ b/extend/sms5.extend.php @@ -23,6 +23,8 @@ $g5['sms5_book_group_table'] = $g5['sms5_prefix'] . 'book_group'; $g5['sms5_form_table'] = $g5['sms5_prefix'] . 'form'; $g5['sms5_form_group_table'] = $g5['sms5_prefix'] . 'form_group'; +$sms5 = array(); + if (!empty($config['cf_sms_use'])) { $sms5 = sql_fetch("select * from {$g5['sms5_config_table']} ", false); From 166727879a69b16930925c48b2ce03d65e260ecf Mon Sep 17 00:00:00 2001 
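Review bot: `preg_match('/[onload|onerror]=.*/ius', $value)` uses square brackets, so it is a character class matching any single character from `o n l a d | e r` followed by `=`, not an alternation: it still happens to match `onload=` and `onerror=` through their final letter, but it also fires on harmless attributes such as `title=`, `name=` or `border=` and will block legitimate admin submissions. Use a group: `preg_match('/\b(onload|onerror)\s*=/ius', $value)`. Even corrected, a two-name denylist is a heuristic; the real protection is encoding the stored values where they are rendered, and this check deserves a comment marking it as a tripwire rather than the XSS defence. admin_check_xss_params continues outside the hunk.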
From: thisgun Date: Tue, 28 May 2019 18:22:08 +0900 Subject: [PATCH 10/13] =?UTF-8?q?=EC=A0=9C=EB=B3=B4=EB=B0=9B=EC=9D=80=20?= =?UTF-8?q?=EC=9E=91=EC=9D=80=20=EB=AC=B8=EC=A0=9C=EB=93=A4=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/sms_admin/history_view.php | 8 ++++---- install/install_config.php | 2 +- install/install_db.php | 4 ++++ lib/common.lib.php | 5 +++++ 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/adm/sms_admin/history_view.php b/adm/sms_admin/history_view.php index 498d7fe03..43e144fa4 100644 --- a/adm/sms_admin/history_view.php +++ b/adm/sms_admin/history_view.php @@ -131,22 +131,22 @@ function all_send() - - + + 수정 - + -
+

관리자 아이디는 영문자, 숫자, _ 만 입력하세요.

'); +} + $dblink = sql_connect($mysql_host, $mysql_user, $mysql_pass, $mysql_db); if (!$dblink) { ?> diff --git a/lib/common.lib.php b/lib/common.lib.php index a1abcb54b..eb3f7c513 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -2752,6 +2752,11 @@ function module_exec_check($exe, $type) } else { // 바이너리 파일인지 if($is_linux) { + + if ( !function_exists('exec') ) { + alert('exec 함수실행이 불가능하므로 사용할수 없습니다.'); + } + $search = false; $isbinary = true; $executable = true; From b1ac49a7381773e3c786f75e479084234d868616 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 29 May 2019 09:58:04 +0900 Subject: [PATCH 11/13] =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20=EC=88=98?= =?UTF-8?q?=EC=A0=95=20Some=20security=20vulnerabilities=20#43?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bbs/login.php | 2 +- bbs/move_update.php | 2 ++ install/ajax.install.check.php | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/bbs/login.php b/bbs/login.php index 30a3fe867..1a1697663 100644 --- a/bbs/login.php +++ b/bbs/login.php @@ -8,7 +8,7 @@ if( function_exists('social_check_login_before') ){ $g5['title'] = '로그인'; include_once('./_head.sub.php'); -$url = $_GET['url']; +$url = strip_tags($_GET['url']); // url 체크 check_url_host($url); diff --git a/bbs/move_update.php b/bbs/move_update.php index 92a5e2d18..648893398 100644 --- a/bbs/move_update.php +++ b/bbs/move_update.php @@ -1,6 +1,8 @@ Date: Wed, 29 May 2019 12:01:25 +0900 Subject: [PATCH 12/13] =?UTF-8?q?KVE-2019-0789,=200821,=200860=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/config_form_update.php | 2 +- adm/menu_list.php | 2 +- adm/menu_list_update.php | 12 ++++++------ plugin/syndi/ping.php | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/adm/config_form_update.php b/adm/config_form_update.php index 533782c7a..f8ebc22fa 100644 
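Review bot: The new `function_exists('exec')` guard calls `alert()` and then falls through to the binary check, so the code relies on alert() terminating the request (its definition is not on this page); an explicit return after the alert, using whatever failure value the rest of module_exec_check returns, makes the flow visible and safe even if alert() ever changes. The function continues outside the hunk.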
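Review bot: `strip_tags($_GET['url'])` removes markup from the redirect target but does not make it a safe URL: quotes and a `javascript:` scheme survive strip_tags, so the safety of `$url` rests on `check_url_host($url)` on the next line. If check_url_host only compares the host (its body is not on this page), add the scheme check adm/menu_list_update.php applies to `me_link`: `if (preg_match('/^javascript/i', $url) || preg_match('/script:/i', $url)) $url = G5_URL;`, and encode `$url` with htmlspecialchars wherever it is echoed into the form. `$_GET['url']` is also read without isset, so `isset($_GET['url']) ? strip_tags($_GET['url']) : ''` avoids a notice on a plain login page.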
--- a/adm/config_form_update.php +++ b/adm/config_form_update.php @@ -28,7 +28,7 @@ $cf_social_servicelist = !empty($_POST['cf_social_servicelist']) ? implode(',', $_POST['cf_title'] = strip_tags($_POST['cf_title']); -$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key'); +$check_keys = array('cf_lg_mid', 'cf_lg_mert_key', 'cf_cert_kcb_cd', 'cf_cert_kcp_cd', 'cf_editor', 'cf_recaptcha_site_key', 'cf_recaptcha_secret_key', 'cf_naver_clientid', 'cf_naver_secret', 'cf_facebook_appid', 'cf_facebook_secret', 'cf_twitter_key', 'cf_twitter_secret', 'cf_google_clientid', 'cf_google_secret', 'cf_googl_shorturl_apikey', 'cf_kakao_rest_key', 'cf_kakao_client_secret', 'cf_kakao_js_apikey', 'cf_payco_clientid', 'cf_payco_secret'); foreach( $check_keys as $key ){ if ( isset($_POST[$key]) && $_POST[$key] ){ diff --git a/adm/menu_list.php b/adm/menu_list.php index 4a6c25127..4ff7db524 100644 --- a/adm/menu_list.php +++ b/adm/menu_list.php @@ -76,7 +76,7 @@ $colspan = 7; - + diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php index 3aaf18b11..a91b4897f 100644 --- a/adm/menu_list_update.php +++ b/adm/menu_list_update.php @@ -21,8 +21,8 @@ for ($i=0; $i<$count; $i++) { $_POST = array_map_deep('trim', $_POST); - $code = $_POST['code'][$i]; - $me_name = $_POST['me_name'][$i]; + $code = strip_tags($_POST['code'][$i]); + $me_name = strip_tags($_POST['me_name'][$i]); $me_link = (preg_match('/^javascript/i', $_POST['me_link'][$i]) || preg_match('/script:/i', $_POST['me_link'][$i])) ? G5_URL : strip_tags($_POST['me_link'][$i]); if(!$code || !$me_name || !$me_link) 
@@ -59,10 +59,10 @@ for ($i=0; $i<$count; $i++) set me_code = '$me_code', me_name = '$me_name', me_link = '$me_link', - me_target = '{$_POST['me_target'][$i]}', - me_order = '{$_POST['me_order'][$i]}', - me_use = '{$_POST['me_use'][$i]}', - me_mobile_use = '{$_POST['me_mobile_use'][$i]}' "; + me_target = '".sql_real_escape_string(strip_tags($_POST['me_target'][$i]))."', + me_order = '".sql_real_escape_string(strip_tags($_POST['me_order'][$i]))."', + me_use = '".sql_real_escape_string(strip_tags($_POST['me_use'][$i]))."', + me_mobile_use = '".sql_real_escape_string(strip_tags($_POST['me_mobile_use'][$i]))."' "; sql_query($sql); } diff --git a/plugin/syndi/ping.php b/plugin/syndi/ping.php index fe5610c01..ff869b876 100644 --- a/plugin/syndi/ping.php +++ b/plugin/syndi/ping.php @@ -29,7 +29,7 @@ $feed_updated = date('Y-m-d\TH:i:s\+09:00', G5_SERVER_TIME); $find = array('&', ' '); # 찾아서 $replace = array('&', ' '); # 바꾼다 -$content = str_replace( $find, $replace, $write['wr_content'] ); +$content = str_replace( $find, $replace, html_purifier($write['wr_content']) ); $summary = str_replace( $find, $replace, strip_tags($write['wr_content']) ); Header("Content-type: text/xml"); From 2ec7390cd68e026cbbce7495ea49dd0f0dde97f0 Mon Sep 17 00:00:00 2001 From: thisgun Date: Wed, 29 May 2019 12:07:34 +0900 Subject: [PATCH 13/13] =?UTF-8?q?5.3.2.9=20=EB=B2=84=EC=A0=84=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 7d1ff4c27..8ab30cf18 100644 --- a/config.php +++ b/config.php @@ -5,7 +5,7 @@ ********************/ define('G5_VERSION', '그누보드5'); -define('G5_GNUBOARD_VER', '5.3.2.8'); +define('G5_GNUBOARD_VER', '5.3.2.9'); // 이 상수가 정의되지 않으면 각각의 개별 페이지는 별도로 실행될 수 없음 define('_GNUBOARD_', true);
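Review bot: `me_code = '$me_code', me_name = '$me_name', me_link = '$me_link'` are still interpolated straight into the update while the four columns below now go through `sql_real_escape_string(strip_tags(...))`; `$me_name` is only `strip_tags($_POST['me_name'][$i])` in the first hunk, and strip_tags leaves quotes intact, so unless an escape happens between the hunks those three columns remain injectable from an admin request. Escape them the same way, `me_name = '".sql_real_escape_string($me_name)."',` (likewise `me_code` and `me_link`), and for `me_order`, `me_use` and `me_mobile_use`, which look numeric or flag-valued, an `(int)` cast is tighter than strip_tags. The loop body and `$sql` assignment start outside the hunk.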