otale / tale

🦄 Best beautiful java blog, worth a try

Home Page: https://tale.biezhi.me

IP blacklist bypass vulnerability

Shydlock opened this issue

Process

  1. Set up an IP blacklist for 127.0.0.1 (due to the existence of a system bug, only 27.0.0.1 can be set here, but it is limited to 127.0.0.1)

  2. Revisit the page and find that it has been restricted by the IP blacklist

  3. But here you can bypass the blacklist restriction by setting the X-Real-IP request header

Key issues in the code

  1. ipAddress() in com.blade.kit.WebKit

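The bypass in step 3 is possible when the address checked against the blacklist is read from a client-supplied header. The following is an added example, not code from tale, Blade or the issue author: it contrasts that pattern with a resolver that honours X-Real-IP only when the connection comes from a trusted proxy. The class and method names, the proxy address 10.0.0.5 and the sample requests are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added example with hypothetical names; not code from tale or Blade.
public class ClientIpDemo {
    // Assumption: the only reverse proxy allowed to set X-Real-IP.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    // Pattern the issue describes: a client-supplied header wins over the socket peer.
    // (Header lookup is case-sensitive here to keep the demo short.)
    static String headerFirstIp(Map<String, String> headers, String socketPeer) {
        String real = headers.get("X-Real-IP");
        return (real != null && !real.isBlank()) ? real.trim() : socketPeer;
    }

    // Hardened form: the header is honoured only when the direct peer is a trusted proxy.
    static String proxyAwareIp(Map<String, String> headers, String socketPeer) {
        String real = headers.get("X-Real-IP");
        if (TRUSTED_PROXIES.contains(socketPeer) && real != null && !real.isBlank()) {
            return real.trim();
        }
        return socketPeer; // direct connections are judged by their real address
    }

    static boolean blocked(Set<String> blacklist, String ip) {
        return blacklist.contains(ip);
    }

    public static void main(String[] args) {
        Set<String> blacklist = Set.of("127.0.0.1");

        // Constructed request: direct connection from the blacklisted address,
        // carrying an X-Real-IP value chosen by the client.
        Map<String, String> spoofed = Map.of("X-Real-IP", "203.0.113.7");
        String peer = "127.0.0.1";
        System.out.println("header-first blocked: "
                + blocked(blacklist, headerFirstIp(spoofed, peer)));
        System.out.println("proxy-aware blocked:  "
                + blocked(blacklist, proxyAwareIp(spoofed, peer)));

        // Constructed request: the trusted proxy relays a blacklisted client.
        Map<String, String> relayed = Map.of("X-Real-IP", "127.0.0.1");
        System.out.println("via proxy blocked:    "
                + blocked(blacklist, proxyAwareIp(relayed, "10.0.0.5")));
    }
}
```

When a reverse proxy is deployed, it should also overwrite any X-Real-IP value received from the client so the header reaching the application always reflects the proxy's view of the peer.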