Skip to content
Permalink
Browse files

KVE-2019-0082 원격취약점 수정

  • Loading branch information...
thisgun committed Mar 13, 2019
1 parent 99d3cf8 commit 4f6bbdf914720b2171a19270a0ad34cbad1a664b
@@ -16,8 +16,9 @@
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$ccz_id = (int) $_POST['cz_id'][$k];
$sql = " delete from {$g5['g5_shop_coupon_zone_table']} where cz_id = '{$_POST['cz_id'][$k]}' ";
$sql = " delete from {$g5['g5_shop_coupon_zone_table']} where cz_id = '{$ccz_id}' ";
sql_query($sql);
}
@@ -19,10 +19,13 @@
if ($ev_himg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_h");
if ($ev_timg_del) @unlink(G5_DATA_PATH."/event/{$ev_id}_t");
$ev_skin = preg_replace('#\.+/#', '', $ev_skin);
$ev_mobile_skin = preg_replace('#\.+/#', '', $ev_mobile_skin);
$skin_regex_patten = "^list.[0-9]+\.skin\.php";
$ev_skin = (preg_match("/$pattern/", $ev_skin) && G5_SHOP_SKIN_PATH.'/'.file_exists($ev_skin)) ? $ev_skin : '';
$ev_mobile_skin = (preg_match("/$pattern/", $ev_mobile_skin) && G5_MSHOP_SKIN_PATH.'/'.file_exists($ev_mobile_skin)) ? $ev_mobile_skin : '';
$ev_skin = (preg_match("/$skin_regex_patten/", $ev_skin) && file_exists(G5_SHOP_SKIN_PATH.'/'.$ev_skin)) ? $ev_skin : '';
$ev_mobile_skin = (preg_match("/$skin_regex_patten/", $ev_mobile_skin) && file_exists(G5_MSHOP_SKIN_PATH.'/'.$ev_mobile_skin)) ? $ev_mobile_skin : '';
$sql_common = " set ev_skin = '$ev_skin',
ev_mobile_skin = '$ev_mobile_skin',
@@ -8,16 +8,18 @@
for ($i=0; $i<count($_POST['it_id']); $i++)
{
$iit_id = preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$i]);
$sql = " delete from {$g5['g5_shop_event_item_table']}
where ev_id = '$ev_id'
and it_id = '{$_POST['it_id'][$i]}' ";
and it_id = '{$iit_id}' ";
sql_query($sql);
if ($_POST['ev_chk'][$i])
if (isset($_POST['ev_chk'][$i]) && $_POST['ev_chk'][$i])
{
$sql = "insert into {$g5['g5_shop_event_item_table']}
set ev_id = '$ev_id',
it_id = '{$_POST['it_id'][$i]}' ";
it_id = '{$iit_id}' ";
sql_query($sql);
}
@@ -17,8 +17,9 @@
for ($i=0; $i<count($_POST['chk']); $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$iiq_id = (int) $_POST['iq_id'][$k];
$sql = "delete from {$g5['g5_shop_item_qa_table']} where iq_id = '{$_POST['iq_id'][$k]}' ";
$sql = "delete from {$g5['g5_shop_item_qa_table']} where iq_id = '{$iiq_id}' ";
sql_query($sql);
}
}
@@ -12,12 +12,12 @@
for ($i=0; $i<count($_POST['it_id']); $i++)
{
$sql = "update {$g5['g5_shop_item_table']}
set it_stock_qty = '{$_POST['it_stock_qty'][$i]}',
it_noti_qty = '{$_POST['it_noti_qty'][$i]}',
it_use = '{$_POST['it_use'][$i]}',
it_soldout = '{$_POST['it_soldout'][$i]}',
it_stock_sms = '{$_POST['it_stock_sms'][$i]}'
where it_id = '{$_POST['it_id'][$i]}' ";
set it_stock_qty = '".sql_real_escape_string($_POST['it_stock_qty'][$i])."',
it_noti_qty = '".sql_real_escape_string($_POST['it_noti_qty'][$i])."',
it_use = '".sql_real_escape_string($_POST['it_use'][$i])."',
it_soldout = '".sql_real_escape_string($_POST['it_soldout'][$i])."',
it_stock_sms = '".sql_real_escape_string($_POST['it_stock_sms'][$i])."'
where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
sql_query($sql);
}
@@ -20,10 +20,11 @@
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$sss_id = (int) $_POST['ss_id'][$k];
$sql = " select a.ss_id, a.ss_hp, a.ss_send, b.it_id, b.it_name
from {$g5['g5_shop_item_stocksms_table']} a left join {$g5['g5_shop_item_table']} b on ( a.it_id = b.it_id )
where a.ss_id = '{$_POST['ss_id'][$k]}' ";
where a.ss_id = '$sss_id' ";
$row = sql_fetch($sql);
if(!$row['ss_id'] || !$row['it_id'] || $row['ss_send'])
@@ -43,7 +44,7 @@
$sql = " update {$g5['g5_shop_item_stocksms_table']}
set ss_send = '1',
ss_send_time = '".G5_TIME_YMDHIS."'
where ss_id = '{$_POST['ss_id'][$k]}' ";
where ss_id = '{$sss_id}' ";
sql_query($sql);
}
@@ -105,8 +106,9 @@
for ($i=0; $i<count($_POST['chk']); $i++) {
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$sss_id = (int) $_POST['ss_id'][$k];
$sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$_POST['ss_id'][$k]}' ";
$sql = " delete from {$g5['g5_shop_item_stocksms_table']} where ss_id = '{$sss_id}' ";
sql_query($sql);
}
}
@@ -11,12 +11,12 @@
for ($i=0; $i<count($_POST['it_id']); $i++)
{
$sql = "update {$g5['g5_shop_item_table']}
set it_type1 = '{$_POST['it_type1'][$i]}',
it_type2 = '{$_POST['it_type2'][$i]}',
it_type3 = '{$_POST['it_type3'][$i]}',
it_type4 = '{$_POST['it_type4'][$i]}',
it_type5 = '{$_POST['it_type5'][$i]}'
where it_id = '{$_POST['it_id'][$i]}' ";
set it_type1 = '".sql_real_escape_string($_POST['it_type1'][$i])."',
it_type2 = '".sql_real_escape_string($_POST['it_type2'][$i])."',
it_type3 = '".sql_real_escape_string($_POST['it_type3'][$i])."',
it_type4 = '".sql_real_escape_string($_POST['it_type4'][$i])."',
it_type5 = '".sql_real_escape_string($_POST['it_type5'][$i])."'
where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."' ";
sql_query($sql);
}
@@ -21,23 +21,29 @@
for ($i=0; $i<count($_POST['chk']); $i++)
{
$k = $_POST['chk'][$i]; // 실제 번호를 넘김
$iit_id = isset($_POST['it_id'][$k]) ? preg_replace('/[^a-z0-9_\-]/i', '', $_POST['it_id'][$k]) : '';
$iis_id = isset($_POST['is_id'][$k]) ? (int) $_POST['is_id'][$k] : 0;
$iis_score = isset($_POST['is_score'][$k]) ? (int) $_POST['is_score'][$k] : 0;
$iis_confirm = isset($_POST['is_confirm'][$k]) ? (int) $_POST['is_confirm'][$k] : 0;
if ($_POST['act_button'] == "선택수정")
{
$sql = "update {$g5['g5_shop_item_use_table']}
set is_score = '{$_POST['is_score'][$k]}',
is_confirm = '{$_POST['is_confirm'][$k]}'
where is_id = '{$_POST['is_id'][$k]}' ";
set is_score = '{$iis_score}',
is_confirm = '{$iis_confirm}'
where is_id = '{$iis_id}' ";
sql_query($sql);
}
else if ($_POST['act_button'] == "선택삭제")
{
$sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$_POST['is_id'][$k]}' ";
$sql = "delete from {$g5['g5_shop_item_use_table']} where is_id = '{$iis_id}' ";
sql_query($sql);
}
update_use_cnt($_POST['it_id'][$k]);
update_use_avg($_POST['it_id'][$k]);
if($iit_id){
update_use_cnt($iit_id);
update_use_avg($iit_id);
}
}
goto_url("./itemuselist.php?sca=$sca&amp;sst=$sst&amp;sod=$sod&amp;sfl=$sfl&amp;stx=$stx&amp;page=$page");
@@ -12,12 +12,12 @@
for ($i=0; $i<count($_POST['it_id']); $i++)
{
$sql = "update {$g5['g5_shop_item_option_table']}
set io_stock_qty = '{$_POST['io_stock_qty'][$i]}',
io_noti_qty = '{$_POST['io_noti_qty'][$i]}',
io_use = '{$_POST['io_use'][$i]}'
where it_id = '{$_POST['it_id'][$i]}'
and io_id = '{$_POST['io_id'][$i]}'
and io_type = '{$_POST['io_type'][$i]}' ";
set io_stock_qty = '".sql_real_escape_string($_POST['io_stock_qty'][$i])."',
io_noti_qty = '".sql_real_escape_string($_POST['io_noti_qty'][$i])."',
io_use = '".sql_real_escape_string($_POST['io_use'][$i])."'
where it_id = '".sql_real_escape_string($_POST['it_id'][$i])."'
and io_id = '".sql_real_escape_string($_POST['io_id'][$i])."'
and io_type = '".sql_real_escape_string($_POST['io_type'][$i])."' ";
sql_query($sql);
}
@@ -16,8 +16,9 @@
{
// 실제 번호를 넘김
$k = $_POST['chk'][$i];
$ppp_id = (int) $_POST['pp_id'][$k];
$sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id'][$k]}' ";
$sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$ppp_id}' ";
sql_query($sql);
}

0 comments on commit 4f6bbdf

Please sign in to comment.
You can’t perform that action at this time.