本当にあった怖い脆弱性の話

Transcript

1. ຊ౰쎂썙썺썶ා썛੬ऑੑ쎅࿩ 3PLV
   !BEKQ

2. 썴쎣쎆ɺ೥લ쎅य़

3. ࢁా썬쎪 Ծ ʮ3PLV썬쎪ɺอकҾܧҊ݅쎛쎠쎏쎪ʁ
   ։ൃ썮썶ձࣾ쎅ରԠѱ썦썽੾쎡썶썛쎪쎛썺썽ɻ
   ূ݊ձࣾ쎅ސ٬쏨쎮쏤썗쏂쏁쏃쏐쏪쎁쎪쎛써쎀ʯ

4. ๻쎆쎁쎪썷썢ݏ쎁༧ײ썣썮썶쎅썾ɾɾɾ
   썿쎡썙썟썱ɺࣄલௐࠪ쎅쎖डୗ

5. 썴쎣썣ɺ썪쎅ڪ쎤썮썛෺ޠ쎅࢝쎕쎡썷썺썶

6. ;Γ͕ͳʹ׽ࣈͱ ͔ೖΔ͚Ͳɾɾɾ·͊ Өڹ͸ͳ͍͔ɻ ͓ɾɾɾʁ 썿쎙썙쎣ɺձһొ࿥ʢޱ࠲։ઃʣ썢쎠ௐࠪ։࢝

7. ͓͓͓ɾɾɾʁ

8. ΜΜΜΜʁ 쏧쏋ɾɾɾ 쏛쏍

9. None

10. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

11. 쎵쏋쎵쏋ɾɾɾ 쏍쏉썗썗쏽ʂ 썛쎛ɺ썴쎪쎁쎆썱쎆쎁썛ɻ

12. 썴쎅࣌ɺ
    ๻쎅໨쎂ඈ쎊ࠐ쎪썾썤썶쎅쎆

13. None

14. શવ஌쎠쎁썛썡썯썬쎪쎅໔ڐূ

15. ݸਓ৘ใ쏟쏵쎴썗쏡쏽

16. 쎦쎡썿ਅ໘໨쎂ɾɾɾ썪쎪쎁࣮૷썮썽쎕썲쎪썢ʁ

17. 쎦쎡썿ਅ໘໨쎂ɾɾɾ썪쎪쎁࣮૷썮썽쎕썲쎪썢ʁ 썪쎪쎁ࡶ쎁࣮૷썮썽 쎟썛쎅쎆ɺੈքத쎅 ਓ쎂ݟ쎠쎣썽쎙
    ໰୊쎁썛쏟쎫쎮쏵
    썷써썾썰ɻ

18. ྫ썟쎇ɺ
    ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ੒썮ɺ
    ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%'
    ɾاۀ಺쏁쏃쏐쏪쎅ɺ1%'ੜ੒썮썶੥ٻॻ౳
    ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ෇쏟쎫쎮쏵

19. ྫ썟쎇ɺ
    ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ੒썮ɺ
    ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%'
    ɾاۀ಺쏁쏃쏐쏪쎅ɺ1%'ੜ੒썮썶੥ٻॻ౳
    ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ෇쏟쎫쎮쏵
    ˠ
    શ෦ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썛썽쎆쏊쏫ʂ

20. 썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰
    ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯஋ʣ쎁쎪썷썢쎠ɺ
    ɹ63-஌쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ

21. 썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰
    ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯஋ʣ쎁쎪썷썢쎠ɺ
    ɹ63-஌쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ
    ɹɹ63-쎩஌쎠쎁썤쎚ݟ쎣쎁썛
    ɹɹ63-썬썟஌썺썽썛쎣쎇ੈքத썷쎣썾쎙ݟ쎣쎢 ✕

22. ࣮ྫ
    
    1̋5*.&4৘ใ࿙썟썛ࣄ݅
    ެ։લ쎅쏡쏶쏃쏴쏴썗쏃쎅ఴ෇쏟쎫쎮쏵ʢ1%'౳ʣ 썣ୈࡾऀ썢쎠쎬쎹쏅쏃Մೳ쎁ঢ়ଶ쎂쎁썺썽썡쎡ɺ
    ྲྀग़ɻ
    ˠ
    Ұาؒҧ썟쎇쎮쏽쎿쎮쏊썗औҾ౳쎂쎙ܨ썣쎡
    ɹ
    썢쎄쎁썛ࣄҊɻ

23. 썾쎙ඇެ։ྖҬ쎂ஔ썛썶쎠ɺ
    ݟ썲쎢쎐썤쏰썗쏀쎂쎙
    ݟ썲쎠쎣쎁썛쎅썾쎆ʁ

24. 썪썝썰쎢ɻ 쎕썱쏟쎫쎮쏵쎆
    ඇެ։ྖҬ쎂ஔ썤ɺ
    쏰썗쏀*%౳썿썿쎙쎂 %#쎂อଘ public function upload(Request $request) {

    //ϦΫΤετऔಘ $uploaded_file = $request->file('upload'); //…தུ… //privateσΟεΫʹอଘ $save_path = $uploaded_file->store('userfiles'); //DBʹอଘ $private_file = new PrivateFile(); $private_file->user_id = Auth::id(); $private_file->file_path = $save_path; $private_file->mime_type = $uploaded_file ->getMimeType(); $private_file->save(); //ϓϨϏϡʔ༻ʹURLΛฦ٫ return response()->json([ 'url' => route('private-file', [ $private_file->file_id, $uploaded_file->extension() ]), ]); }

25. 썪썝썰쎢ɻ 쏟쎫쎮쏵༻쎅
    쏵썗쏐쎭쏽쎺쎩
    ༻ҙ Route::get( ‘/private-files/{private_file}.{ext}', [PrivateFileController::class, ‘view'] )->name('private-file');

26. 썪썝썰쎢ɻ 쎽쏽쏒쏷썗쏳
    썢쎠쏟쎫쎮쏵쎩
    ฦ٫ public function view(PrivateFile $private_file, string $ext)

    { //ϢʔβIDνΣοΫ if ($private_file->user_id !== Auth::id()) { abort(404); } //ଘࡏνΣοΫ if (!Storage::exists($private_file->file_path)) { abort(404); } //Ϩεϙϯε $headers = ['Content-Type' => $private_file->mime_type]; $content = Storage::get($private_file->file_path); return response($content, 200, $headers); }

27. 썪썝썰쎢ɻ 쏵썗쏐쎭쏽쎺썬쎣 썶63-쎩࢖༻썮썽 ը૾쎩දࣔɻ <img src="{{ route('private-file', [$private_file, $private_file->ext]) }}"

    alt=""> ˠ쎬쏍쏡쏷썗쏓썮썶ຊਓҎ֎썣௚쎬쎹쏅쏃썮썽쎙
    ɹ썿쎁쎢ɻ

28. 썶쎕쎂쏷쎺쎮쏽ೝূࠔ೉쎁ཁ݅쎙썙쎡쎕썰ɻ
    ྫ썟쎇֎෦쎏쎅쏟쎫쎮쏵ڞ༗౳ɻ
    ˠ
    썴쎣썾쎙쏵썗쏐쎭쏽쎺쎆௨썮썶্썾ɺ
    ɾਪఆࠔ೉쎁63-쎂썰쎢
    ɾදࣔՄೳ쎁ظؒ쎩੍ݶ
    ɾදࣔՄೳ쎁ճ਺쎩੍ݶ
    ɾ쎬쎹쏅쏃쎅ཤྺ쎩࢒썰

29. 썸쎁쎖쎂
    쎖쎪쎁େ޷썤
    8PSE1SFTT
    ౤ߘ썣Լॻ썤썾쎙ඇެ։썾쎙ɺ
    ఴ෇쏟쎫쎮쏵쎆ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썢쎣쎕썰ɻ
    썮썢쎙جຊ쎬쏍쏡쏷썗쏓썮썶쎕쎕쎅쏟쎫쎮쏵໊썾ɻ
    ˠ
    ެ։લهࣄ쎂ݟ쎠쎣썽쎆썛써쎁썛쏟쎫쎮쏵썣
    ɹ
    ఴ෇썬쎣쎢Մೳੑ썣썙쎢쎁쎠ɺཁ쎵쏃쏉쏨쎮쏄ɻ

30. ๻ʮࢁా썬썗쎪ɺௐࠪ։࢝෼썾ɺ
    ɹɹ썸쎞썺썿쎛쎇썛쎛썻ݟ썻써쎕썮썶ʯ
    ࢁా썬쎪
    Ծ
    ʮ쎛쎐썗͆͆͆͆
    ɹɾɾɾ썪쎅݅쎆ޱ֎ແ༻썾썡ئ썛썮쎕썰ɻ
    ɹ໌쎢쎖쎂ग़썶쎠ࢮਓ썣ग़쎕썰ɻʯ
    

31. 썡٬༷썢쎠Ұචऔ썺썽쎙쎠썺썽ɺ
    ௐࠪଓߦɻ

32. None

33. ͸ɾɾɾʁ

34. ·͔͔ͬͪ͜͞Β
    ύεϫʔυϦηοτͰ͖ͨΓ͸
    ͠ͳ͍ΑͶɾɾɾ

35. Μɾɾɾʁ

36. None

37. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

38. 쏛쏃쏹썗쏓ฏจอଘ

39. ൑໌썮썶ӡ༻쏟쏷썗 ޱ࠲։ઃ
    ϑΥʔϜ ొ࿥಺༰
    ֬ೝը໘ ొ࿥ ৹ࠪ 쏛쏃쏹썗쏓௨஌ *%࠾൪
    쏛쏃쏹썗쏓ੜ੒

40. ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ฉ썤๞썤썶ݴ썛༁

41. ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛
    ɹɹۀ຿ཁ݅쎩ຬ썶썮썻썻ɺฏจอଘෆཁ쎁
    ɹɹӡ༻쏟쏷썗쎩ఏҊ썰쎢쎅썣4&쎅࢓ࣄ썾썰ɻ ✕ ฉ썤๞썤썶ݴ썛༁

42. 썶썿썟쎇ɺ
    ৹ࠪ׬ྃ࣌쎂༗ޮظݶ෇썤쎅쏒썗쎹쏽쎩ੜ੒썮ɺ
    쏒썗쎹쏽෇쎅ॳظઃఆ63-쎩쏫썗쏵썾ࣗಈૹ෇ɻ
    ˠظݶ಺쎂ਖ਼썮썛쏒썗쎹쏽෇쎅63-썢쎠쎬쎹쏅쏃
    ɹ썮썶৔߹쎅쎖쏛쏃쏹썗쏓ઃఆը໘쎩։썦ɻ
    ˠ쏰썗쏀ࣗ਎썣쏛쏃쏹썗쏓쎩ઃఆɻ

43. 쎀썝썮썽쎙༣ૹ썮쎁써쎣쎇썛써쎁썛쎁쎠ɺ
    ॳظ쏛쏃쏹썗쏓쎆༗ޮظݶ෇쎅Ծ쏛쏃쏹썗쏓썿
    썰쎢ʢ썪쎣썷써쎆ฏจอ࣋ʣɻ
    ˠॳճ쏷쎺쎮쏽࣌쎂ɺ쏛쏃쏹썗쏓มߋ쎩ڧ੍썰쎢ɻ
    ʢ썪쎅썿썤ฏจ쎅Ծ쏛쏃쏹썗쏓쎙%#썢쎠࡟আʣ

44. 쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ

45. ʮѱҙ쎅؅ཧऀʯ 쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ

46. ɾӡӦձࣾ쎩ୀ৬썮썶ݩࣾһ
    ɾ։ൃձࣾ쎅ݩ֎஫쏫쏽쏚썗
    ɾFUD
    શһ쎩৴༻썾썤쎕썰썢ʁ

47. ࣮ྫ
    
    দ̋ূ݊
    ސ٬ޱ࠲ෆਖ਼ग़ۚࣄ݅
    쏁쏃쏐쏪։ൃ쎩डୗ썮썶4*FS쎅ࣾһ썣ɺ
    ސ٬쎅쏛쏃쏹썗쏓쎩ෆਖ਼쎂ೖख썮ɺ
    ࣗ਎쎅ޱ࠲౳쎂ૹۚɻඃ֐ֹ쎆ԯԁ༨쎡ɻ

48. ɾ쏛쏃쏹썗쏓ฏจอଘ
    ɾ؅ཧऀ썣쏛쏃쏹썗쏓쎩ݟ쎣쎢
    ɾ؅ཧऀ썣쏛쏃쏹썗쏓쎩มߋ썾썤쎢
    جຊత쎂શ෦쏊쏫썾썰ɻ

49. 썿썛썝쎦써썾ɺ
    ؅ཧը໘썾쏛쏃쏹썗쏓쎩
    ֬ೝ썮썽쏷쎺쎮쏽ɻ
    ௐࠪଓߦ

50. 쏷쎺쎮쏽

51. 쎁쎪썷썢ؾ쎂쎁쎢쏫쏕쏯썗쎩ຊೳ썣࡯஌

52. 썴썺썿൶쎩։썦ɾɾɾ

53. 썪썝썛썝࢓༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL
    Τϯυ
    ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽
    "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ
    쏑썗쏉ొ࿥ ೖۚࡁ
    쎂ߋ৽

54. 썪썝썛썝࢓༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL
    Τϯυ
    ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽
    "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ
    쏑썗쏉ొ࿥ ೖۚࡁ
    쎂ߋ৽ ܾࡁ͕׬શ֎෦ͳΒ
    ܾࡁ৘ใอ࣋PS௨աͱ͔ͷ
    ৺഑͸ͳ͍͚Ͳɺ
    ҰԠ͚ͩ͜͜ݟͱ͔͘ɻ

55. 쏇썗쏃쏋쎱쏍쎹 public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid');

    $tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘౰ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); }

56. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

57. public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid'); $tran_id

    = $request->input('tid'); $tran_date = $request->input('tdt'); //֘౰ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ౓

58. 쏤쎮쏷썗쏓쎂ਖ਼썮썛
    lSJEz
    썬썟썙쎣쎇ɺ
    ແ৚݅쎂ೖۚࡁ썿
    썮썽ॲཧ썬쎣쎢ɻ public function webhook(Request $request) { //ϦΫΤετऔಘ

    $deposit_id = $request->input('rid'); $tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘౰ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ౓

59. 썻쎕쎡썪썝썰쎢썿 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL
    Τϯυ
    ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽
    "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ
    쏑썗쏉ొ࿥ ೖۚࡁ
    쎂ߋ৽ ܾࡁ썲썱쎂཭୤ 
    DVSM
    9
    1045
    E
    SJE
    IUUQT[BSV[BSVFYBNQMFDPNXFCIPPL

60. ِ૷ೖۚ썮์୊

61. 쏁쏃쏐쏪֎෦썢쎠ॴఆ쎅쏴쎹쎲쏃쏒쎩डऔ쎡ɺ
    썴쎅಺༰쎂Ԡ썯썽ɺ쏑썗쏉쎅࡞੒쎛ߋ৽౳쎅
    ֤छॲཧ쎩ߦ썝썪썿ɻ
    ʹ
    ී௨썾쎆ઈର쎂쎛쎠쎁썛௒ةݥ쎁ॲཧ쎩
    ɹ
    ྫ֎త쎂쎛썺썽썛쎢ɻ
    ɹ
    ɾɾɾ썿썛썝썪썿쎩쎕썱ೝࣝ썮쎕썮쎞썝ɻ 8FCIPPL썿쎆

62. ɾ௨ৗ
    8FCIPPL
    쎩ఏڙ썮썽썛쎢쎿썗쏝쏃쎂쎆
    ɹ쏰썗쏀썫썿쎂ݻ༗쎅ʮൿີ伴ʯ썣༻ҙ썬쎣썽썡쎡ɺ
    ɹ썴쎣쎩༻썛썽쏴쎹쎲쏃쏒쏦쏑쎭౳쎩쏙쏍쏁쏯썮썶ʮॺ໊ʯ쎩
    ɹ쏴쎹쎲쏃쏒쏢쏍쏊౳썾ૹ썺썽썤쎕썰ɻ
    ɹ썪쎅஋썣ਖ਼썮썛썪썿쎩֬ೝ썮ɺਖ਼썮썛࣌쎅쎖ॲཧ쎩࣮ߦ썰쎢쎟썝
    ɹ࣮૷썰쎢ɻ
    ɾ쏴쎹쎲쏃쏒ݩ쎅
    *1
    쎬쏓쏶쏃썣ެ։썬쎣썽썛쎢쎁쎠ɺ
    ɹ*1
    쎬쏓쏶쏃쎅쏋쎱쏍쎹쎙ߦ썝ɻ 쎀썝썰쎢쎅ʁ

63. 썪썪썣࠷େ쎅ةػ؅ཧ쏧쎮쏽쏒썺쎔썛쎅썾 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL
    Τϯυ
    ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽
    "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ
    쏑썗쏉ొ࿥ ೖۚࡁ
    쎂ߋ৽

64. 쎁쎪썸쎚쎠쎿썗쏝쏃썾
    HSFQ ͓΍ʁ
    ਵ෼γϯϓϧ͚ͩͲɺ
    ͜Ε࢖ͬͯΔͷʁ public function transaction(Request $request) { $amount

    = $request->input('amount'); $user_id = Auth::id(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; }

65. 쎽쏽쏒쏷썗쏳໊썾
    HSFQ Route::post('/api/transaction', [ApiController::class, 'transaction']); ࢖ΘΕͱΔ΍Μ͚ɾɾɾ

66. ໰୊쎅63*썾(3&1 $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })

    ͓͍͓͍͓͍͓͍

67. JEUSBOTBDUJPO
    썾
    HSFQ ͳΜ΍
    ίϝϯτΞ΢τ͞ΕͱΔ΍ͳ͍͔͍
    ͋ʔͼͬ͘Γͨ͠ɻ
    ͬͯɾɾɾ {{-- <form id=“transaction”> <div class="form-row">

    <div class="form-group col-md-6"> <label>ೖֹۚۚ</label> <input type="number" name="amount"> </div> </div> <button class="btn btn-primary">ೖۚ</button> </form> --}}

68. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

69. BQJUSBOTBDUJPO
    쎆ੜ썤썽쎕썰ɻ
    쏰썗쏀쏨쎮쏤썗쏂쎂쏷쎺쎮쏽썮썽썶쎠ୟ써쎕썰ɻ public function transaction(Request $request) { $amount = $request->input('amount');

    $user_id = Auth::id(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; } Route::post('/api/transaction', [ApiController::class, 'transaction']);

70. 썮썢쎙썪쎅63*ɺ+4쏟쎫쎮쏵썾େެ։썬쎣썽쎕썰ɻ $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })

71. 썻쎕쎡썶썺썶썪쎣썷써썾ɺ BQJUSBOTBDUJPO ϚΠϖʔδ಺ ͷͲ͔͜
    GPSN %FW5PPM౳썾)5.-Ճ޻ 1045

72. ِ૷ೖۚ썮์୊
    1BSU
    

73. ɾɾɾ썰쎢썪썿쎆Կ쎙썙쎡쎕썲쎪ɻ
    쏐쏃쏒༻쏡쏷쎺쏳쏪쎆ফ썮쎕썮쎞썝ɻ
    ڧ썛썽ݴ썝쎁쎠ɺສҰ๨쎣ڈ쎠쎣썶࣌쎅썶쎘ɺ
    쏐쏃쏒쏡쏷쎺쏳쏪쎆ɺ
    ࠷ॳ썢쎠
    -PDBM
    &OW
    썾썮썢ಈ썢쎁썛쎟썝쎂
    ৚݅෇써썮썽썡썦썿ྑ썛썾썰ɻ ղઆ

74. 썴썝썛썟쎇
    944
    쎆େৎ෉썢

75. 쎕썘େৎ෉썺쎔썛 <div class="form-row align-items-end"> <div class="form-group col-md-6"> <label>ి࿩൪߸</label> <div>{{ $input->phone_1

    }}</div> </div> <div class="form-group col-md-6"> <label>ܞଳి࿩൪߸</label> <div>{{ $input->phone_2 }}</div> </div> </div> <div class="form-row align-items-end"> <div class="form-group col-md-12"> <label>උߟ</label> <div>{!! nl2br(e($input->note)) !!}</div> </div> </div>

76. 썴썝썛썟쎇
    $43'
    쎆େৎ෉썢

77. protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class,

    \Illuminate\View\Middleware\ShareErrorsFromSession::class, //\App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \App\Http\Middleware\RedirectIfHasProblem::class, ],

78. $43'쏘썗쎶썗쏓

79. $43'౳쎂썻썛썽쎆ɺ썪썸쎠쎅هࣄ썾
    ࠷େݶט쎖ࡅ썛썽આ໌썮썽썡쎡쎕썰쎅썾ɺ
    썫Ұಡ썦썷썬썛ɻ
    IUUQT[FOOEFWBEBSUJDMFTFFDFFEDC

80. -BSBWFM
    썾쎆ɺಛఆ63-쎅쎖
    $43'
    쏋쎱쏍쎹쎩֎썲쎕썰ɻ
    ຊ݅ݩ쏗쏉쏁쏃쏐쏪썾࢖༻썬쎣썽썛썶쏟쏶썗쏪쏹썗쎹쎂쎆
    썴썝썛썝ؾ쎅ར썛썶ػߏ썣쎁썦ɺ
    શମ썾0/0''썮썢썾썤쎁썢썺썶쎅썾ɺ
    8FCIPPL쎅౎߹썾0''쎂썮썶쎙쎅썿ࢥ쎦쎣쎕썰ɻ쎬쏥썣ɻ
    썶썷ɺԾ쎂ಛఆ63-쎅쎖쎆썱썲쎢썿썮썽쎙ɺ
    ຊ౰쎂
    $43'
    쏋쎱쏍쎹쎩֎썰Ҏ֎쎅ํ๏썣쎁썛썢ɺ
    ֎썮썽쎙҆શੑ썣֬อ썾썤쎢쎅썢쎀썝썢쎆ɺ
    쎟썦ۛຯ썮쎕썮쎞썝ɻ ஫ɿ

81. ࣮ྫ
    
    쏫̋쏍쏡쏃
    쎹쏶쏂쏍쏒쎵썗쏓৘ใྲྀग़ࣄ݅
    쎹쏶쏂쏍쏒쎵썗쏓ܾࡁ쏡쏳쏍쏒쏟쎳썗쏪쎩
    ఏڙ썰쎢ಉࣾ쎅쏁쏃쏐쏪썣ɺ
    쎿썗쏚쎏쎅ෆਖ਼쏷쎺쎮쏽ɺ42-쎮쏽쏂쎱쎹쏁쏱쏽ɺ
    쏚쏍쎹쏓쎬౳༷ʑ쎁߈ܸ쎩ड써ɺ
    쎹쏶쏂쏍쏒쎵썗쏓৘ใ౳࠷େສ݅썣ྲྀग़썮썶
    Մೳੑɻ

82. ࢁా썬쎪
    Ծ
    ʮ쎁쎪썢쎹쏳쎮쎬쏽쏒ۚ༥ி썢쎠ౖ쎠쎣썶쎠썮썦ɺ ɹ৭ʑվमґཔདྷ썴썝썾썰ʯ
    ๻
    ʮɾɾɾݏ썾썰ʯ

83. ແ஌쎆࠷େ쎅ࡑ
    ূ݊ձࣾ썿썛썝쏅쏽쏁쏐쎭쏠쎁ۀք쎂썬썟ɺ
    썪쎪쎁ྼѱ쎁쏁쏃쏐쏪썣쎕썢쎡௨썺썽썛쎕썰ɻ
    쏅쎷쏯쏴쏐쎭쎂썻썛썽ແ஌썰썥쎢։ൃձࣾɻ
    ਺ʑ쎅੬ऑੑ쎂ؾ썼썤쎙썮쎁썛ൃ஫ऀɻ
    ஌쎠쎁썢썺썶썾쎆ࡁ쎕쎁썛쎅썣ɺ
    쏁쏃쏐쏪ʢ쎬쏡쏴쎻썗쏁쏱쏽ʣ썾썰ɻ

84. ࠷ޙʹࣗݾ঺հ
    גࣜձࣾ"%
    ୅දऔక໾
    େࡕࡏॅ
    1)1FSྺ೥͘Β͍ !BEKQ