□ Overview
XSS is an attack technique used to extract users' information. When script code is not blocked at a point that accepts user input (a bulletin board or a search box), an attacker becomes able to execute script code there. The string a user enters is stored and then sent unchanged when another user reads that post; the attacker exploits this by writing a string that contains attack code, which then acts against the victim who reads it.
□ Remediation
This is not an addition at the bottom of the function; the existing line is only moved to a different position.
In function conv_content() of lib/common.lib.php, the line
$content = preg_replace("#\/\*.*\*\/#iU", "", $content);
is moved so that the code reads as shown below.
....(omitted)
// guards against this case: strip /* ... */ comments before the keyword filters below run
$content = preg_replace("#\/\*.*\*\/#iU", "", $content);
// Each replacement breaks the keyword with a numeric entity (e.g. o&#110; displays as "on"
// but is no longer parsed as an event-handler attribute name)
$content = preg_replace("/(on)([a-z]+)([^a-z]*)(\=)/i", "o&#110;$2$3$4", $content);
$content = preg_replace("/(dy)(nsrc)/i", "d&#121;$2", $content);
$content = preg_replace("/(lo)(wsrc)/i", "l&#111;$2", $content);
$content = preg_replace("/(sc)(ript)/i", "s&#99;$2", $content);
//$content = preg_replace("/(ex)(pression)/i", "e&#120;$2", $content);
$content = preg_replace("/\<(\w|\s|\?)*(xml)/i", "", $content);
// If an image tag's src attribute points at a link such as a delete link, data can be tampered
// with merely by viewing the post, so block this
$content = preg_replace("/<(img[^>]+delete\.php[^>]+bo_table[^>]+)/i", "*** CSRF 감지 : <$1", $content);
$content = preg_replace("/<(img[^>]+delete_comment\.php[^>]+bo_table[^>]+)/i", "*** CSRF 감지 : <$1", $content);
$content = preg_replace("/<(img[^>]+logout\.php[^>]+)/i", "*** CSRF 감지 : <$1", $content);
$content = preg_replace("/<(img[^>]+download\.php[^>]+bo_table[^>]+)/i", "*** CSRF 감지 : <$1", $content);
....(omitted)
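Why the comment-stripping line has to move in front of the keyword filters, as an added example that is not code from the page or from the Gnuboard project: a Python port of the preg_replace chain above (Python `re` in place of PHP `preg_replace`, entity replacements as in the filter code), run in both orders over constructed post content in which a `/**/` comment splits a keyword. The probe strings and the `contains_live_handler` check are assumptions made for this test.

```python
import re

# Port of the conv_content() keyword filters shown above (regex and entity
# replacement strings kept as in the PHP code, \N instead of $N).
KEYWORD_FILTERS = [
    (re.compile(r"(on)([a-z]+)([^a-z]*)(=)", re.I), r"o&#110;\2\3\4"),  # on*= handlers
    (re.compile(r"(dy)(nsrc)", re.I), r"d&#121;\2"),
    (re.compile(r"(lo)(wsrc)", re.I), r"l&#111;\2"),
    (re.compile(r"(sc)(ript)", re.I), r"s&#99;\2"),
    (re.compile(r"<(\w|\s|\?)*(xml)", re.I), ""),
]
# PHP "#\/\*.*\*\/#iU": the U flag makes .* lazy; . does not cross newlines.
COMMENT_RE = re.compile(r"/\*.*?\*/")

def strip_comments(content: str) -> str:
    return COMMENT_RE.sub("", content)

def apply_keyword_filters(content: str) -> str:
    for pattern, repl in KEYWORD_FILTERS:
        content = pattern.sub(repl, content)
    return content

def conv_content_old(content: str) -> str:
    """Pre-patch order: keyword filters run first, comments are stripped afterwards."""
    return strip_comments(apply_keyword_filters(content))

def conv_content_fixed(content: str) -> str:
    """Patched order: comments are stripped first, then the keyword filters run."""
    return apply_keyword_filters(strip_comments(content))

def contains_live_handler(html: str) -> bool:
    """Check used by the test: does an intact on*= attribute or 'script' token remain?"""
    return bool(re.search(r"on[a-z]+\s*=", html, re.I) or re.search(r"script", html, re.I))

# Constructed post content: a comment splits the keyword the filters look for,
# so the filters see "onerr/**/or" and "sc/**/ript" rather than the keyword.
PROBE_SPLIT_HANDLER = '<img src="a.png" onerr/**/or="x()">'
PROBE_SPLIT_SCRIPT = "<sc/**/ript>x()</sc/**/ript>"

if __name__ == "__main__":
    for probe in (PROBE_SPLIT_HANDLER, PROBE_SPLIT_SCRIPT):
        # Old order: the filters miss the split keyword, then comment removal reassembles it.
        # Fixed order: comment removal reassembles it first, so the filters neutralise it.
        print("old  :", conv_content_old(probe))
        print("fixed:", conv_content_fixed(probe))
```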
□ Reference site
http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=6782&page=2