[Security Patch] Youngcart 5.1.13
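** Changes **
XSS vulnerabilities (16-059, 16-060): reported by 이휘원 through the Korea Internet & Security Agency (KISA).
XSS vulnerability (15-727): reported by the Korea Internet & Security Agency (KISA).
Reflected XSS vulnerability (16-036): reported by the Korea Internet & Security Agency (KISA).
Secret comment exposure vulnerability (16-067): reported by the Korea Internet & Security Agency (KISA).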
https://github.com/gnuboard/youngcart5/commit/986ecbbc948c8fa0191692b979702ef4a3ac577d
https://github.com/gnuboard/youngcart5/commit/80ad50a2de7a87c2f57320f7a1bddd28d8e094c1
https://github.com/gnuboard/youngcart5/commit/5e8259722160e432b6e4fc8a48081512ea38abb5
https://github.com/gnuboard/youngcart5/commit/47818151f15d85ee96e13f08fbf7be9faaea6c87
https://github.com/gnuboard/youngcart5/commit/4b8fb5b7223c326ea0814d47b4b6312e957840df
https://github.com/gnuboard/youngcart5/commit/a35efd522e832f369e10b719ca871e0d46f9d4bd
https://github.com/gnuboard/youngcart5/commit/58b35319585c920af8ef1e28b787b0b34320088d
https://github.com/gnuboard/youngcart5/commit/b878e8de82756d94c4cd0e23aa0fe43dad071e1b
https://github.com/gnuboard/youngcart5/commit/24aa7cf1d6cbf635edf4b1539e866402d9e4c018
https://github.com/gnuboard/youngcart5/commit/20af5d32ec4310b40c4a772a62884c984d1d3997
https://github.com/gnuboard/youngcart5/commit/55258728ff2a78b6f22be262049916ebf53c3278
https://github.com/gnuboard/youngcart5/commit/301afc2f6267caf8323a5db3e2582201d7f3b04f
https://github.com/gnuboard/youngcart5/commit/1cf89e426aad59c1ec7aa96eafdbc9d831e5801e
https://github.com/gnuboard/youngcart5/commit/43c0462ba6e2010fcc031419a900cc7c46112ccf
https://github.com/gnuboard/youngcart5/commit/9d00bcf4396e60402cb0352e8d86f00ef2c63f9c
76a92d2 Version changed to 5.1.13
a14689f Version changed to 5.1.13
M config.php
8615ea1 SIR domain change
ee702ff SIR domain change
M LICENSE.txt
M adm/board_form_update.php
M adm/config_form.php
M adm/service.php
M bbs/list.php
M config.php
M lib/common.lib.php
M theme/basic/readme.txt
96f6252 Merge branch 'g5'
3dad98c Fix mobile payment error
M mobile/shop/inicis/pay_approval.php
M mobile/shop/inicis/pay_return.php
M mobile/shop/kcp/order_approval_form.php
M mobile/shop/lg/returnurl.php
M shop/ajax.orderdatasave.php
4b29f1c Merge branch 'g5'
1a142e5 Merge branch 'master' into kisa
c9a4697 Merge branch 'master' of github.com:gnuboard/g5
4b38d93 Apply files added in SmartEditor 2.8.2
A plugin/editor/smarteditor2/SmartEditor2_noframe.html
A plugin/editor/smarteditor2/js/SE2M_Configuration.js
A plugin/editor/smarteditor2/js/lib/jindo2.all.js
A plugin/editor/smarteditor2/js/lib/jindo_component.js
A plugin/editor/smarteditor2/photo_uploader/popup/_common.php
5d2851d Apply SmartEditor 2.8.2 and fix editor upload security
D plugin/editor/smarteditor2/SmartEditor2.html
M plugin/editor/smarteditor2/SmartEditor2Skin.html
M plugin/editor/smarteditor2/css/smart_editor2.css
M plugin/editor/smarteditor2/css/smart_editor2_in.css
M plugin/editor/smarteditor2/css/smart_editor2_items.css
M plugin/editor/smarteditor2/css/smart_editor2_out.css
M plugin/editor/smarteditor2/editor.lib.php
M plugin/editor/smarteditor2/js/SE2BasicCreator.js
M plugin/editor/smarteditor2/js/smarteditor2.js
M plugin/editor/smarteditor2/js/smarteditor2.min.js
M plugin/editor/smarteditor2/photo_uploader/popup/file_uploader.php
M plugin/editor/smarteditor2/photo_uploader/popup/file_uploader_html5.php
M plugin/editor/smarteditor2/photo_uploader/popup/index.html
M plugin/editor/smarteditor2/photo_uploader/popup/js/basic.js
M plugin/editor/smarteditor2/photo_uploader/popup/php/index.php
D plugin/editor/smarteditor2/sample.php
M plugin/editor/smarteditor2/smart_editor2_inputarea.html
287fdd6 Remove duplicated code
M adm/shop_admin/orderdeliveryupdate.php
f6e6a73 Merge branch 'master' into kisa
4b6cc0e Merge branch 'g5'
3674acc Fix g5_admin_url code
M adm/admin.head.php
M head.sub.php
271b8d0 Restore code following the g5_admin_url code fix
M lib/common.lib.php
2091b3e Merge branch 'g5'
ab53654 Merge branch 'master' into kisa
e5aedd5 Change g5_admin_url variable assignment code
M adm/admin.head.php
M head.sub.php
M theme/basic/head.sub.php
60ea7fd Merge branch 'master' into kisa
9f460d5 Merge branch 'g5'
7db9a33 Fix email verification feature
M bbs/login_check.php
M bbs/register_email.php
M bbs/register_email_update.php
88c9537 Fix secret comment exposure vulnerability (16-067)
M mobile/skin/board/basic/view_comment.skin.php
M mobile/skin/board/gallery/view_comment.skin.php
M skin/board/basic/view_comment.skin.php
M skin/board/gallery/view_comment.skin.php
M theme/basic/mobile/skin/board/basic/view_comment.skin.php
M theme/basic/mobile/skin/board/gallery/view_comment.skin.php
M theme/basic/skin/board/basic/view_comment.skin.php
M theme/basic/skin/board/gallery/view_comment.skin.php
2b2df0e Merge branch 'g5'
d278554 Merge branch 'master' into kisa
9df86d7 Fix sca filtering code
M common.php
714d64a Fix reflected XSS vulnerability (16-036)
M bbs/alert.php
f3abd57 Fix XSS vulnerability (15-727)
D plugin/editor/smarteditor2/sample.php
e902334 Fix XSS vulnerability (16-060)
M bbs/member_confirm.php
43f4b2c Fix XSS vulnerability (16-059)
M bbs/formmail.php
M mobile/skin/member/basic/formmail.skin.php
M skin/member/basic/formmail.skin.php
M theme/basic/mobile/skin/member/basic/formmail.skin.php
M theme/basic/skin/member/basic/formmail.skin.php
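13 comments
Thank you....
Thank you, great work....
Thank you....
Thank you.
Thanks for your hard work.
Thank you.
Thank you, I'm putting it to good use :)
Thank you.
Thank you.
Thank you for all your hard work.
Thank you for all your hard work.
Thanks~^^
Thank you.
I'll put it to good use.
I'll put it to good use.
Thank you. I'll put it to good use.
Thanks for your hard work.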
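It looks like the patch to adm/admin.head.php is missing.
Line 44: var g5_admin_url = "<?php echo G5_ADMIN_URL; ?>";
I thought it might not matter since it is defined in head.sub.php, but that part has been removed entirely from the theme's head.sub.php, so it cannot be left out.
I expect this will be consolidated one way or the other in the next version.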