This repository has been archived by the owner on Jun 24, 2021. It is now read-only.

[KVE-2020-0656]영카트 제로클릭 명령어삽입 취약점 수정
thisgun committed Aug 13, 2020
1 parent c2bb7d2 commit b29af1e
Showing 3 changed files with 6 additions and 5 deletions.
4 changes: 2 additions & 2 deletions mobile/shop/kcp/pp_ax_hub.php
@@ -30,10 +30,10 @@
/* = 01. 지불 요청 정보 설정 = */
/* = -------------------------------------------------------------------------- = */
$req_tx = $_POST[ "req_tx" ]; // 요청 종류
$tran_cd = $_POST[ "tran_cd" ]; // 처리 종류
$tran_cd = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "tran_cd" ]); // 처리 종류
/* = -------------------------------------------------------------------------- = */
$cust_ip = getenv( "REMOTE_ADDR" ); // 요청 IP
$ordr_idxx = $_POST[ "ordr_idxx" ]; // 쇼핑몰 주문번호
$ordr_idxx = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "ordr_idxx" ]); // 쇼핑몰 주문번호
$good_name = addslashes($_POST[ "good_name" ]); // 상품명
$good_mny = $_POST[ "good_mny" ]; // 결제 총금액
/* = -------------------------------------------------------------------------- = */
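Review bot: `$req_tx` and `$good_mny` are still assigned straight from `$_POST` in this block, and `$good_name` only passes through `addslashes()`, which is not shell escaping; only `tran_cd` and `ordr_idxx` receive the new allowlist filter. The code that consumes these values is outside the hunk, so if any of them reaches the same command construction it needs equivalent handling, for example `$good_mny = preg_replace('/[^0-9]/', '', $_POST[ "good_mny" ]);` if the amount is always an integer. Quoting every argument with `escapeshellarg()` at the point where the command line is built would also cover fields that a per-variable filter misses. The same gap is visible in shop/kcp/pp_ax_hub.php and, for `req_tx`, `trad_time` and the `buyr_*` fields, in shop/kcp/pp_cli_hub.php. The `/i` modifier is redundant because the character class already lists both cases.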
4 changes: 2 additions & 2 deletions shop/kcp/pp_ax_hub.php
@@ -40,10 +40,10 @@
/* = 01. 지불 요청 정보 설정 = */
/* = -------------------------------------------------------------------------- = */
$req_tx = $_POST[ "req_tx" ]; // 요청 종류
$tran_cd = $_POST[ "tran_cd" ]; // 처리 종류
$tran_cd = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "tran_cd" ]); // 처리 종류
/* = -------------------------------------------------------------------------- = */
$cust_ip = getenv( "REMOTE_ADDR" ); // 요청 IP
$ordr_idxx = $_POST[ "ordr_idxx" ]; // 쇼핑몰 주문번호
$ordr_idxx = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "ordr_idxx" ]); // 쇼핑몰 주문번호
$good_name = addslashes($_POST[ "good_name"]); // 상품명
$good_mny = $_POST[ "good_mny" ]; // 결제 총금액
/* = -------------------------------------------------------------------------- = */
3 changes: 2 additions & 1 deletion shop/kcp/pp_cli_hub.php
@@ -62,7 +62,7 @@
$req_tx = $_POST[ "req_tx" ]; // 요청 종류
$trad_time = $_POST[ "trad_time" ]; // 원거래 시각
/* = -------------------------------------------------------------------------- = */
$ordr_idxx = $_POST[ "ordr_idxx" ]; // 주문 번호
$ordr_idxx = preg_replace('/[^0-9A-Za-z_\-\.]/i', '', $_POST[ "ordr_idxx" ]); // 주문 번호
$buyr_name = $_POST[ "buyr_name" ]; // 주문자 이름
$buyr_tel1 = $_POST[ "buyr_tel1" ]; // 주문자 전화번호
$buyr_mail = $_POST[ "buyr_mail" ]; // 주문자 E-Mail
@@ -95,6 +95,7 @@

$buyr_name = iconv("utf-8", "cp949", $buyr_name);
$good_name = iconv("utf-8", "cp949", $good_name);
$tx_cd = '';

/* ============================================================================== */
/* = 02. 인스턴스 생성 및 초기화 = */
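Review bot: The added `$tx_cd = '';` after the `iconv()` calls has no comment, and nothing in the hunk explains why an empty initial value is part of this fix. Presumably it stops a request-supplied value from pre-populating `$tx_cd` before later code assigns it, but that code is outside the hunk, so the intent should be stated on the line: `$tx_cd = ''; // reset: must never carry a value taken from the request`. If other variables in this file are only assigned conditionally before being used in the same call, they would need the same explicit reset.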
