-------------------------------------------------------------------
■脆弱性の種類
-------------------------------------------------------------------
個人情報削除の脆弱性
-------------------------------------------------------------------
■不具合が存在するEC-CUBEのバージョン
-------------------------------------------------------------------
EC-CUBE 2.12.2 以前
2.4.4以前
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.11.5
2.12.0
2.12.1
2.12.2
-------------------------------------------------------------------
■修正方法について
-------------------------------------------------------------------
/data/class/pages/shopping/LC_Page_Shopping_Deliv.php::action
《2.4.4以下のEC-CUBEでは、下記も追加で修正を行います。》
/data/class/pages/shopping/LC_Page_Shopping_Deliv.php::mobileProcess
に以下の変更を加えます。
=================================================================================================================
▽2.11.0以上のバージョンは以下を参考下さい
-----------------------------------------------------------------------------------------------------------------
▽LC_Page_Shopping_Deliv.php::action
107行目付近を変更下さい。
-----------------------------------------------------------------------------------------------------------------
変更前
-----------------------------------------------------------------------------------------------------------------
$arrForm = $objFormParam->getHashArray();
switch ($this->getMode()) {
-------------------------------------------------------------------
-------------------------------------------------------------------
変更後
-------------------------------------------------------------------
$arrForm = $objFormParam->getHashArray();
if (!$this->doCheck($arrForm, $objCustomer)) {
SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, '', true);
}
switch ($this->getMode()) {
=================================================================================================================
▽LC_Page_Shopping_Deliv.php
235行目付近に追記下さい。
-------------------------------------------------------------------
追記後
-------------------------------------------------------------------
/**
 * Ownership check for the delivery address referenced by the form.
 *
 * Called from action() before the mode switch; the caller shows PAGE_ERROR
 * when this returns a falsy value.
 *
 * @param array  $arrForm     form values; only 'other_deliv_id' is read
 * @param object $objCustomer the customer object (getValue('customer_id') is read)
 * @return integer 1 when no other_deliv_id was submitted, otherwise the number of
 *                 dtb_other_deliv rows matching both that id and the current
 *                 customer_id (0 means the id does not belong to this customer)
 */
function doCheck($arrForm, &$objCustomer) {
    $objQuery =& SC_Query_Ex::getSingletonInstance();

    // No address referenced, nothing to verify. empty() also treats "" and "0" as absent.
    if (empty($arrForm['other_deliv_id'])) {
        return 1;
    }

    // Binding customer_id together with other_deliv_id is what ties the
    // address to the logged-in customer; both values are passed as
    // placeholders, never concatenated into the SQL.
    $arrVal = array(
        $arrForm['other_deliv_id'],
        $objCustomer->getValue('customer_id')
    );
    return $objQuery->count('dtb_other_deliv', 'other_deliv_id = ? AND customer_id = ?', $arrVal);
}
}
?>
=================================================================================================================
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
=================================================================================================================
▽2.4.4以下のバージョンは以下を参考下さい
-----------------------------------------------------------------------------------------------------------------
▽LC_Page_Shopping_Deliv.php::action
99行目付近を変更下さい。
-----------------------------------------------------------------------------------------------------------------
変更前
-----------------------------------------------------------------------------------------------------------------
// ログインチェック
if($_POST['mode'] != 'login' && !$objCustomer->isLoginSuccess()) {
// 不正アクセスとみなす
SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR);
}
switch($_POST['mode']) {
-------------------------------------------------------------------
-------------------------------------------------------------------
変更後
-------------------------------------------------------------------
// ログインチェック
if($_POST['mode'] != 'login' && !$objCustomer->isLoginSuccess()) {
// 不正アクセスとみなす
SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR);
}
if (!$this->doCheck($_POST, $objCustomer)) {
SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, '', true);
}
switch($_POST['mode']) {
=================================================================================================================
▽LC_Page_Shopping_Deliv.php::mobileProcess
264行目付近を変更下さい。
-----------------------------------------------------------------------------------------------------------------
変更前
-----------------------------------------------------------------------------------------------------------------
// ログインチェック
if($_POST['mode'] != 'login' && !$objCustomer->isLoginSuccess(true)) {
// 不正アクセスとみなす
SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR, "", false, "", true);
}
switch($_POST['mode']) {
-------------------------------------------------------------------
-------------------------------------------------------------------
変更後
-------------------------------------------------------------------
// ログインチェック
if($_POST['mode'] != 'login' && !$objCustomer->isLoginSuccess(true)) {
// 不正アクセスとみなす
SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR, "", false, "", true);
}
if (!$this->doCheck($_POST, $objCustomer)) {
SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, '', true);
}
switch($_POST['mode']) {
=================================================================================================================
▽LC_Page_Shopping_Deliv.php
584行目付近に追記下さい。
-------------------------------------------------------------------
追記後
-------------------------------------------------------------------
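/**
 * Ownership check for the delivery address referenced by the form.
 *
 * Called from action() and mobileProcess() before the mode switch; the
 * caller shows PAGE_ERROR when this returns a falsy value.
 *
 * @param array  $arrForm     form values (the callers pass $_POST); only 'other_deliv_id' is read
 * @param object $objCustomer the customer object (getValue('customer_id') is read)
 * @return integer 1 when no other_deliv_id was submitted, otherwise the number of
 *                 dtb_other_deliv rows matching both that id and the current
 *                 customer_id (0 means the id does not belong to this customer)
 */
function doCheck($arrForm, &$objCustomer) {
    // No address referenced, nothing to verify. empty() also treats "" and "0" as absent.
    if (empty($arrForm['other_deliv_id'])) {
        return 1;
    }

    // The query object is only needed on this path, so it is created here
    // instead of unconditionally at the top of the method.
    $objQuery = new SC_Query();

    // Binding customer_id together with other_deliv_id is what ties the
    // address to the logged-in customer; both values are passed as
    // placeholders, never concatenated into the SQL.
    $where = 'other_deliv_id = ? AND customer_id = ?';
    $arrVal = array(
        $arrForm['other_deliv_id'],
        $objCustomer->getValue('customer_id')
    );
    return $objQuery->count('dtb_other_deliv', $where, $arrVal);
}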
}
?>
=================================================================================================================