커맨드 인젝션 취약점(16-164, 16-165) 수정
chicpro committed Feb 29, 2016
1 parent 09080bf commit f72a4d1
Showing 2 changed files with 10 additions and 2 deletions.
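--- a/plugin/okname/hpcert.config.php
+++ b/plugin/okname/hpcert.config.php
@@ -25,7 +25,14 @@
 $svcTxSeqno = get_uniqid(); // 거래번호. 동일문자열을 두번 사용할 수 없음. ( 20자리의 문자열. 0-9,A-Z,a-z 사용.)
 
 $clientIp = $_SERVER['SERVER_ADDR']; // 회원사 IP, $_SERVER["SERVER_ADDR"] 사용가능.
-$clientDomain = $_SERVER['HTTP_HOST']; // 회원사 도메인, $_SERVER["HTTP_HOST"] 사용가능.
+//$clientDomain = $_SERVER['HTTP_HOST']; // 회원사 도메인, $_SERVER["HTTP_HOST"] 사용가능.
+$p = @parse_url($_SERVER['HTTP_HOST']);
+if(isset($p['host']) && $p['host'])
+$clientDomain = $p['host'];
+else
+$clientDomain = $_SERVER['SERVER_NAME'];
+unset($p);
+
 
 $rsv1 = '0'; // 예약 항목
 $rsv2 = '0'; // 예약 항목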
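Review bot: The value assigned to `$clientDomain` is never checked against a hostname character set in either branch, so the change narrows the input but does not constrain it. A Host header in the usual bare form (`example.com`, no scheme or port) gives `parse_url()` no `host` component, so most requests will take the `else` branch and use `$_SERVER['SERVER_NAME']`, which some web-server configurations also derive from the client's Host header. If `$clientDomain` is what reaches the external command the commit title refers to (that call is outside this hunk), add a check after the assignment such as `if (!preg_match('/^[A-Za-z0-9.-]+$/D', $clientDomain)) die('invalid host');` and wrap the argument in `escapeshellarg()` where the command line is built.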
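--- a/plugin/okname/hpcert2.php
+++ b/plugin/okname/hpcert2.php
@@ -9,7 +9,8 @@
 **************************************************************************/
 
 /* 공통 리턴 항목 */
-$idcfMbrComCd = $_POST['idcf_mbr_com_cd']; // 고객사코드
+//$idcfMbrComCd = $_POST['idcf_mbr_com_cd']; // 고객사코드
+$idcfMbrComCd = $memId;
 $hsCertSvcTxSeqno = $_POST['hs_cert_svc_tx_seqno']; // 거래번호
 $rqstSiteNm = $_POST['rqst_site_nm']; // 접속도메인
 $hsCertRqstCausCd = $_POST['hs_cert_rqst_caus_cd']; // 인증요청사유코드 2byte (00:회원가입, 01:성인인증, 02:회원정보수정, 03:비밀번호찾기, 04:상품구매, 99:기타)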
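Review bot: Only `idcf_mbr_com_cd` is replaced by the server-side `$memId`; the three fields read directly below it (`hs_cert_svc_tx_seqno`, `rqst_site_nm`, `hs_cert_rqst_caus_cd`) are still taken from `$_POST` with no format check. If they are passed to the same external command as `$idcfMbrComCd` (the call is outside this hunk), each needs an allow-list check matching its documented format, for example `if (!preg_match('/^[0-9A-Za-z]{1,20}$/D', $hsCertSvcTxSeqno)) die('invalid request');`, plus `escapeshellarg()` at the call site. `$memId` is not defined in this hunk and is presumably set by the included config file. It is worth confirming that it is assigned before this line and cannot be overwritten by a request parameter.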
