OpenRediect 취약점 수정

gnuboard · Jan 25, 2024 · 15f2037 · 15f2037
1 parent cb6b39c
commit 15f2037
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/bbs/logout.php b/bbs/logout.php
@@ -19,7 +19,7 @@
     if ( substr($url, 0, 2) == '//' )
         $url = 'http:' . $url;
 
-    $p = @parse_url(urldecode($url));
+    $p = @parse_url(urldecode(str_replace('\\', '', $url)));
     /*
         // OpenRediect 취약점관련, PHP 5.3 이하버전에서는 parse_url 버그가 있음 ( Safflower 님 제보 ) 아래 url 예제
         // http://localhost/bbs/logout.php?url=http://sir.kr%23@/

diff --git a/lib/common.lib.php b/lib/common.lib.php
@@ -3612,7 +3612,8 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
     while ( ( $replace_url = preg_replace(array('/\/{2,}/', '/\\@/'), array('//', ''), urldecode($url)) ) != $url ) {
         $url = $replace_url;
     }
-    $p = @parse_url(trim($url));
+
+    $p = @parse_url(trim(str_replace('\\', '', $url)));
     $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
     $is_host_check = false;