From b36b4229cbce0f8712c863d8e5fd541e49ae3a3c Mon Sep 17 00:00:00 2001 From: jiwoo Date: Wed, 2 Aug 2023 10:39:25 +0900 Subject: [PATCH] =?UTF-8?q?=EC=9D=B4=EC=A7=80=EC=9A=B0=20-=20=EC=B7=A8?= =?UTF-8?q?=EC=95=BD=EC=A0=90=20=EC=A1=B0=EC=B9=98(=EC=84=B8=EA=B8=88?= =?UTF-8?q?=EA=B3=84=EC=82=B0=EC=84=9C=20=EB=B0=9C=ED=96=89=20=EC=8B=9C=20?= =?UTF-8?q?=EB=B3=B8=EC=9D=B8=20ID=EB=A1=9C=EB=A7=8C=20=EB=93=B1=EB=A1=9D,?= =?UTF-8?q?=20=EB=B3=B8=EC=9D=B8=20=EA=B2=8C=EC=8B=9C=EA=B8=80=EB=A7=8C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95,=20=ED=99=98=EB=B6=88=20=EC=8B=9C=20?= =?UTF-8?q?=EB=B3=B4=EC=9C=A0=20=EA=B8=88=EC=95=A1=20=EB=B9=84=EA=B5=90=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 .../let/cop/bbs/web/EgovBBSManageController.java | 9 +++++++++
 .../itn/let/mjo/pay/web/MjonPayController.java | 5 +++++
 .../java/itn/let/mjo/pay/web/RefundController.java | 14 ++++++++++++++
 .../WEB-INF/jsp/web/pay/PayListRefundAjax.jsp | 5 +++++
 4 files changed, 33 insertions(+)
diff --git a/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java b/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
index 7b68e99f..a4b39d32 100644
--- a/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
+++ b/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
@@ -2349,6 +2349,15 @@ public class EgovBBSManageController {
 BoardVO bdVO = bbsMngService.selectBoardArticleWeb(boardVO);
 // String frstRegisterId = bdVO.getFrstRegisterId(); // 관리자 유무
+ //230801 이지우 - 본인글 외에 nttId 변조를 통하여 다른 게시글 수정 가능한 취약점 방지
+ LoginVO loginVO = EgovUserDetailsHelper.isAuthenticated()? (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser():null;
+ String userId = loginVO == null ? "" : EgovStringUtil.isNullToString(loginVO.getUniqId());
+ if(!bdVO.getFrstRegisterId().equals(userId)) {
+ modelAndView.addObject("message", "잘못된 접근입니다.\n관리자에게 문의하세요.");
+ modelAndView.addObject("result", "fail");
+ return modelAndView;
+ }
+
 UserVO userVO = (UserVO)request.getSession().getAttribute("userVO"); // 사용자 정보
 //게시글 본인인증 번호 변수 저장
diff --git a/src/main/java/itn/let/mjo/pay/web/MjonPayController.java b/src/main/java/itn/let/mjo/pay/web/MjonPayController.java
index 77f7fce9..b923ab59 100644
--- a/src/main/java/itn/let/mjo/pay/web/MjonPayController.java
+++ b/src/main/java/itn/let/mjo/pay/web/MjonPayController.java
@@ -3385,6 +3385,11 @@ public class MjonPayController {
 @ModelAttribute("mberManageVO") MberManageVO mberManageVO, HttpServletRequest request, ModelMap model, RedirectAttributes redirectAttributes) throws Exception{
+ //230801 이지우 추가 - 세금계산서 발행 시 아이디 변조하여 다른 계정의 세금계산서 정보 수정하는 취약점 대응 조치
+ LoginVO loginVO = EgovUserDetailsHelper.isAuthenticated()? (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser():null;
+ String userId = loginVO == null ? "" : EgovStringUtil.isNullToString(loginVO.getUniqId());
+
+ mberManageVO.setUniqId(userId);
 mberManageService.updateTaxbill(mberManageVO);
 redirectAttributes.addFlashAttribute("message", egovMessageSource.getMessage("success.common.update"));
diff --git a/src/main/java/itn/let/mjo/pay/web/RefundController.java b/src/main/java/itn/let/mjo/pay/web/RefundController.java
index 610e579f..d4889d43 100644
--- a/src/main/java/itn/let/mjo/pay/web/RefundController.java
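Review bot: The added `if(!bdVO.getFrstRegisterId().equals(userId))` dereferences the article first, so a request whose nttId does not resolve to an article (if `selectBoardArticleWeb` can return null) or an article with a null registerer ends in a NullPointerException rather than the intended "fail" response, and an anonymous request (`userId` is `""`) is rejected only because `""` happens not to match, not by an explicit rule. Put the session value on the left and reject the anonymous case outright: `if (userId.isEmpty() || bdVO == null || !userId.equals(bdVO.getFrstRegisterId())) {`. The commented-out `// 관리자 유무` line suggests an administrator path once existed here; if administrators are expected to edit other users' articles, this check now blocks them too, which the hunk does not show either way. The enclosing method starts and ends outside the hunk.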
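Review bot: After `mberManageVO.setUniqId(userId)` an unauthenticated request still reaches `mberManageService.updateTaxbill(mberManageVO)` with `uniqId` set to `""`; whether that matches no row or, with a dynamic WHERE clause, more than one depends on the mapper, which is outside the hunk. Reject that case before the update, `if (loginVO == null) { redirectAttributes.addFlashAttribute("message", egovMessageSource.getMessage("<message-key for login required>")); return "<the redirect target this method already uses>"; }`, with the placeholders filled from the method's existing redirect. The two-line `loginVO`/`userId` lookup is now copied verbatim here and in the EgovBBSManageController hunk; a small helper returning the session uniqId (or `""`) would keep both in step. The method's signature begins before the hunk and its body continues after it.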
+++ b/src/main/java/itn/let/mjo/pay/web/RefundController.java
@@ -321,6 +321,20 @@ public class RefundController {
 return modelAndView;
 }*/
+
+ //230802 이지우 취약점 조치 - 보유금액을 변조하여 환불 신청 한 경우 방지
+ //회원 정보 조회
+ RefundVO mberInfoVO = refundService.selectRefundMberInfo(refundVO);
+
+ if(Double.parseDouble(mberInfoVO.getMberMoney())
+ < refundVO.getRefundMoney()) {
+
+ modelAndView.addObject("status", "moreThanUserMoney");
+ modelAndView.addObject("msg", "현재 회원의 보유금액보다 큰 금액을 환불 할 수 없습니다.");
+
+ return modelAndView;
+ }
+
 String atchFileId = "";
 final Map files = multiRequest.getFileMap();
 if (!files.isEmpty()) {
diff --git a/src/main/webapp/WEB-INF/jsp/web/pay/PayListRefundAjax.jsp b/src/main/webapp/WEB-INF/jsp/web/pay/PayListRefundAjax.jsp
index b0ae34e7..1dfde27b 100644
--- a/src/main/webapp/WEB-INF/jsp/web/pay/PayListRefundAjax.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/pay/PayListRefundAjax.jsp
@@ -277,6 +277,11 @@ function fn_refund_insert() {
 cache: false,
 //timeout: 600000,
 success: function (returnData, status) {
+ //보유 금액 변조 방지
+ if(returnData.status == 'moreThanUserMoney'){
+ alert(returnData.msg)
+ return;
+ }
 if(returnData.msg != null){
 alert(returnData.msg);
 }
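Review bot: `Double.parseDouble(mberInfoVO.getMberMoney())` throws before the new guard can answer if `selectRefundMberInfo` returns null or the stored balance is null or not numeric, and a zero or negative `refundVO.getRefundMoney()` passes the `<` comparison, so the guard should cover those too: `if (mberInfoVO == null || mberInfoVO.getMberMoney() == null || refundVO.getRefundMoney() <= 0 || Double.parseDouble(mberInfoVO.getMberMoney()) < refundVO.getRefundMoney()) {` (the `<= 0` assumes refundMoney is numeric, as the existing comparison already does). The balance compared is that of whichever member `selectRefundMberInfo` finds from the client-supplied `refundVO`; unless the member identifier inside `refundVO` is replaced from the session the way the MjonPayController hunk does with `setUniqId`, the comparison may be made against an account other than the caller's, which the hunk does not show. Since the balance is a string and this is money, `new BigDecimal(mberInfoVO.getMberMoney())` compared via `compareTo` avoids the floating-point rounding of `parseDouble`. This is also a controller-side check separated from the later insert, so the authoritative rejection belongs where the balance is actually debited. The enclosing method starts and ends outside the hunk.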
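Review bot: The new `alert(returnData.msg)` line is missing its semicolon and the status test uses loose `==` where an exact string match is meant; `if (returnData.status === 'moreThanUserMoney') { alert(returnData.msg); return; }` keeps the style of the neighbouring lines. The early `return` also skips whatever the rest of the `success` handler does after this hunk (the handler continues past its last line), which is correct only if nothing there must run when the refund is refused. This client-side branch only reports the outcome; the RefundController check stays the one that decides.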