2009. 09. 22.
Description : A vulnerability in the handling of the _zb_path and dir variables allows files on the server to be executed directly, without a web shell.
Reported by : Korea Internet & Security Agency (http://www.kisa.or.kr)
Affected : All versions of Zeroboard 4
Note : Covers a vulnerability that occurs only on PHP 5.2 or later and a vulnerability that occurs regardless of PHP version
Vulnerability fix
- Apply the patch files : extract the attached patch.2009.09.22.zip and overwrite the existing files
- Apply the patch : apply the attached zb4.20090922.patch file with the patch command
- Edit by hand
  - Target files
    - _head.php
    - outlogin.php
    - skin/zero_vote/ask_password.php
    - skin/zero_vote/error.php
    - skin/zero_vote/login.php
  - Changes
    - _head.php, outlogin.php
      [Before]
      if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)) $_zb_path ="./";
      [After]
      if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";
    - skin/zero_vote/ files
      [Before]
      if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)) $dir ="./";
      [After]
      if(eregi(":\/\/",$dir)||eregi("\.\.",$dir)||eregi("^\/",$dir)||eregi("data:;",$dir)) $dir ="./";
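One way to check which of the five files named in this advisory already carry the fix, as an added example that is not part of the original advisory or of the Zeroboard distribution: it looks for the two conditions the fixed lines add (`eregi("^\/",…)` and `eregi("data:;",…)`). The function names and the demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the vendor's tooling. Matches the exact text the
# advisory publishes; a hand-edited line with different spacing or quoting
# is reported UNPATCHED and needs a manual look.

# zb4_file_status FILE VAR -> prints PATCHED, UNPATCHED or MISSING
zb4_file_status() {
    file=$1 var=$2
    [ -f "$file" ] || { echo MISSING; return 0; }
    # The fix adds two conditions: a leading "/" and the string "data:;".
    if grep -qF "eregi(\"^\\/\",\$$var)" "$file" &&
       grep -qF "eregi(\"data:;\",\$$var)" "$file"; then
        echo PATCHED
    else
        echo UNPATCHED
    fi
}

# zb4_patch_status ROOT -> one "status<TAB>path" line per advisory file;
# returns 1 if any file that exists is still UNPATCHED.
zb4_patch_status() {
    root=$1 rc=0
    for entry in _head.php:_zb_path outlogin.php:_zb_path \
        skin/zero_vote/ask_password.php:dir \
        skin/zero_vote/error.php:dir skin/zero_vote/login.php:dir
    do
        rel=${entry%%:*} var=${entry##*:}
        st=$(zb4_file_status "$root/$rel" "$var")
        printf '%s\t%s\n' "$st" "$rel"
        [ "$st" != UNPATCHED ] || rc=1
    done
    return "$rc"
}

# Constructed demo tree: one patched file, one unpatched, the rest absent.
zb4_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)||eregi("^\/",$_zb_path)||eregi("data:;",$_zb_path)) $_zb_path ="./";' > "$d/_head.php"
    printf '%s\n' 'if(eregi(":\/\/",$_zb_path)||eregi("\.\.",$_zb_path)) $_zb_path ="./";' > "$d/outlogin.php"
    demo_rc=0
    zb4_patch_status "$d" || demo_rc=1
    rm -rf "$d"
    return "$demo_rc"
}
```

Call `zb4_patch_status` with the Zeroboard 4 installation directory as its argument, or `zb4_demo` to see the report on the constructed tree.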
This is a very dangerous vulnerability, so please be sure to apply the patch.
Also, if possible, we recommend migrating from Zeroboard 4 to XpressEngine or another program.