[Security Patch] Gnuboard 5.0.38 Information
** Changes **
Fixed a CSRF vulnerability. (Reported by adm1nkyj via SIR.)
https://github.com/gnuboard/gnuboard5/commit/8821583e8f4ebc62166446723040cbd5b03f33a9
327369a Version change
M config.php
c56498a Fix CSRF vulnerability
M adm/newwinformupdate.php
M bbs/poll_etc_update.php
M bbs/scrap_popin_update.php
808ac0f Change PHP_SELF to SCRIPT_NAME
M adm/admin.lib.php
M adm/auth_list.php
M adm/board_list.php
M adm/boardgroup_list.php
M adm/boardgroupmember_list.php
M adm/contentlist.php
M adm/faqmasterlist.php
M adm/index.php
M adm/member_list.php
M adm/point_list.php
M adm/poll_list.php
M adm/popular_list.php
M adm/popular_rank.php
M adm/sms_admin/_common.php
M adm/sms_admin/ajax.sms_write_person.php
M adm/sms_admin/form_list.php
M adm/sms_admin/history_list.php
M adm/sms_admin/history_member.php
M adm/sms_admin/history_num.php
M adm/sms_admin/history_view.php
M adm/sms_admin/install.php
M adm/sms_admin/num_book.php
M adm/sms_admin/sms_write_form.php
M adm/visit_list.php
M adm/visit_search.php
M bbs/search.php
M bbs/write.php
M lib/common.lib.php
M lib/mailer.lib.php
M mobile/skin/faq/basic/list.skin.php
M mobile/skin/member/basic/point.skin.php
M skin/faq/basic/list.skin.php
M skin/member/basic/point.skin.php
13 comments

Thank you
Thank you~!
Could you tell me why PHP_SELF was changed to SCRIPT_NAME?

It is for the same reason 곱슬최씨 gives below.
Even if script code is appended, it is output as-is without being filtered.
Aha~ thank you for the answer ^^

Thank you.
Looks like I should use SCRIPT_NAME instead of PHP_SELF.
Result for http://도메인.com/test.php/index.php
<?php
echo "<div>{$_SERVER['PHP_SELF']}</div>";
echo "<div>{$_SERVER['SCRIPT_NAME']}</div>";
?>
/test.php/index.php
/test.php
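An added example (not part of the original post or of Gnuboard's code) of the difference shown in the comment above: PHP_SELF carries whatever extra path the client appended after the script name, while SCRIPT_NAME does not. The `$requests` array is a constructed stand-in for `$_SERVER`, and the function names are hypothetical.

```php
<?php
// Constructed stand-ins for $_SERVER on two requests to /test.php.
// PHP_SELF = SCRIPT_NAME followed by any extra path the client appended.
$requests = [
    'normal'   => ['SCRIPT_NAME' => '/test.php', 'PHP_SELF' => '/test.php'],
    'appended' => ['SCRIPT_NAME' => '/test.php',
                   'PHP_SELF'    => '/test.php/"><script>/* constructed */</script>'],
];

// Before: client-influenced PHP_SELF written into an attribute unescaped.
function form_action_before(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '">';
}

// After: SCRIPT_NAME (no client-appended path), still escaped for the
// attribute context as defence in depth.
function form_action_after(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '">';
}

// True when the emitted markup is exactly one <form> tag with one quoted
// attribute value, i.e. nothing broke out of the action attribute.
function attribute_intact(string $html): bool
{
    return preg_match('/^<form action="[^"<>]*">$/', $html) === 1;
}

foreach ($requests as $name => $server) {
    foreach (['before' => 'form_action_before', 'after' => 'form_action_after'] as $label => $fn) {
        $html = $fn($server);
        printf("%-8s %-6s intact=%s  %s\n", $name, $label,
               attribute_intact($html) ? 'yes' : 'NO', $html);
    }
}
```

Only the "appended" request through the "before" function reports `intact=NO`; the same check can be run over a template's output when auditing remaining uses of PHP_SELF.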
+1 Thanks for the explanation~

Are there cases where a URL is used like that?

Thank you.

Thank you.
Thank you for your hard work.

Thank you

Thank you.