KVE-2018-0732 취약점 수정
thisgun committed Oct 8, 2018
1 parent 594df53 commit 952a426
Showing 3 changed files with 23 additions and 8 deletions.
13 changes: 13 additions & 0 deletions adm/admin.lib.php
Expand Up @@ -489,6 +489,19 @@ function admin_referer_check($return=false)
if (isset($page)) $arr_query[] = 'page='.$page;
$qstr = implode("&", $arr_query);

if ( isset($_REQUEST) && $_REQUEST ){
if( admin_referer_check(true) ){

foreach( $_REQUEST as $key=>$value ){
if( $value && preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
die();
}
}

}
}

// 관리자에서는 추가 스크립트는 사용하지 않는다.
//$config['cf_add_script'] = '';
?>
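Review bot: The loop at the `foreach( $_REQUEST as $key=>$value )` line only inspects scalar values: when a request parameter is itself an array (`name[]=…`), `preg_match()` is handed an array, which on PHP 5/7 raises a warning and yields a non-match and on PHP 8 throws a TypeError, so nested values are never examined. Walking the structure with `array_walk_recursive()` and testing only `is_string($value)` closes that gap; a sketch is below. Both regexes must match for the request to be rejected, so markup without a `script…/script` pair passes this denylist, which makes it a stop-gap — output escaping with `htmlspecialchars()` at the render sites remains the primary control. It is unclear from this hunk whether the new block sits inside `admin_referer_check()` or at file scope; the hunk header names that function but the neighbouring lines look like top-level query-string assembly, so the placement should be confirmed.
```php
if ( isset($_REQUEST) && $_REQUEST ){
    if( admin_referer_check(true) ){
        $found = false;
        // nested request parameters (name[]=...) are visited as well
        array_walk_recursive($_REQUEST, function ($value) use (&$found) {
            if( is_string($value) && $value && preg_match('/<\s?[^\>]*\/?\s?>/i', $value) && preg_match('/script.*?\/script/ius', $value) ){
                $found = true;
            }
        });
        if( $found ){
            alert('요청 쿼리에 잘못된 스크립트문장이 있습니다.\\nXSS 공격일수도 있습니다.');
            die();
        }
    }
}
```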
16 changes: 8 additions & 8 deletions adm/member_list_update.php
Expand Up @@ -29,19 +29,19 @@
$msg .= $mb['mb_id'].' : 로그인 중인 관리자는 수정 할 수 없습니다.\\n';
} else {
if($_POST['mb_certify'][$k])
$mb_adult = $_POST['mb_adult'][$k];
$mb_adult = (int) $_POST['mb_adult'][$k];
else
$mb_adult = 0;

$sql = " update {$g5['member_table']}
set mb_level = '{$_POST['mb_level'][$k]}',
mb_intercept_date = '{$_POST['mb_intercept_date'][$k]}',
mb_mailling = '{$_POST['mb_mailling'][$k]}',
mb_sms = '{$_POST['mb_sms'][$k]}',
mb_open = '{$_POST['mb_open'][$k]}',
mb_certify = '{$_POST['mb_certify'][$k]}',
set mb_level = '".sql_real_escape_string($_POST['mb_level'][$k])."',
mb_intercept_date = '".sql_real_escape_string($_POST['mb_intercept_date'][$k])."',
mb_mailling = '".sql_real_escape_string($_POST['mb_mailling'][$k])."',
mb_sms = '".sql_real_escape_string($_POST['mb_sms'][$k])."',
mb_open = '".sql_real_escape_string($_POST['mb_open'][$k])."',
mb_certify = '".sql_real_escape_string($_POST['mb_certify'][$k])."',
mb_adult = '{$mb_adult}'
where mb_id = '{$_POST['mb_id'][$k]}' ";
where mb_id = '".sql_real_escape_string($_POST['mb_id'][$k])."' ";
sql_query($sql);
}
}
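Review bot: The rewritten `set` clause escapes `mb_level`, `mb_mailling`, `mb_sms`, `mb_open` and `mb_certify` as strings, while the same hunk casts `mb_adult` with `(int)`; if those columns are numeric flags, as the names and the `mb_adult` treatment suggest (the schema is not visible here), an explicit cast is the tighter and more consistent form, e.g. `mb_certify = '".(int)$_POST['mb_certify'][$k]."',`. Each `$_POST[...][$k]` read also assumes the index exists; a missing checkbox value produces a notice and an empty string, which escaping does not address, so reading through `isset(...) ? ... : 0` would make the default explicit. Escaping is only sufficient while the value stays inside the surrounding single quotes and the connection charset matches what `sql_real_escape_string()` was set up with; that holds here but is worth keeping in mind for `mb_intercept_date`, which is free-form text. The enclosing `foreach` that defines `$k` begins before this hunk.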
2 changes: 2 additions & 0 deletions lib/common.lib.php
Expand Up @@ -714,6 +714,8 @@ function get_group($gr_id)
function get_member($mb_id, $fields='*')
{
global $g5;

$mb_id = preg_replace("/[^0-9a-z_]+/i", "", $mb_id);

return sql_fetch(" select $fields from {$g5['member_table']} where mb_id = TRIM('$mb_id') ");
}
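Review bot: The new `preg_replace("/[^0-9a-z_]+/i", "", $mb_id)` rewrites the key instead of rejecting it: an id containing any other character is silently stripped, so the query can match a different member's row rather than returning nothing, and on a PCRE error `preg_replace()` returns `null`, which the interpolation turns into an empty id. Escaping the value the way this same commit does in `adm/member_list_update.php` keeps the lookup exact, `$mb_id = sql_real_escape_string($mb_id);`, or, if ids really are restricted to `[0-9a-z_]`, validate with `preg_match('/^[0-9a-z_]+$/i', $mb_id)` and return the no-row result early rather than altering the input. Whether ids outside that class exist in practice depends on the registration rules elsewhere in the project and cannot be seen in this hunk. `$fields` is still interpolated unescaped; it is presumably only ever supplied from code, and a one-line comment stating that assumption on the parameter would help the next reader.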