Reprinted from: safe121
Recently, I have been looking into the vulnerabilities of a program together with a hacker. One of them is in the message board. The message board code is as follows:
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$content = safe($_POST["content"]);
The data is then written to the database.
The post content is validated, and the "safe" function filters it thoroughly. Later I remembered an earlier article about using PHP to forge IP addresses. After reading the code, we simulated sending HTTP_X_FORWARDED_FOR. Since this value is not filtered, SQL injection is possible.
Local Environment Simulation:
A piece of PHP found via Google forges the IP address and carries forged SQL injection statements. In this way, SQL injection is formed.
Repair Method:
Validate the obtained IP address. If it contains special characters, the submission is not allowed.
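One way to implement this check, as an added example that is not part of the original post: the header value is accepted only if it parses as a single IPv4 or IPv6 address, and it is also bound as a query parameter instead of being concatenated into the SQL. The function names, the messages table and the in-memory SQLite database are assumptions made for the demonstration, and rejecting comma-separated proxy lists is a simplification.

```php
<?php
// Added example; validated_ip(), save_message() and the messages table are hypothetical.

// Return the value if it is exactly one valid IPv4/IPv6 address, otherwise null.
function validated_ip(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Store a message. The IP is validated first and then bound as a parameter,
// so a value that slips past validation still cannot change the statement.
function save_message(PDO $db, ?string $forwardedFor, string $content): bool
{
    $ip = validated_ip($forwardedFor);
    if ($ip === null) {
        return false; // special characters or not an IP: reject the submission
    }
    $stmt = $db->prepare('INSERT INTO messages (ip, content) VALUES (:ip, :content)');
    return $stmt->execute([':ip' => $ip, ':content' => $content]);
}

// Constructed demo: in-memory SQLite stands in for the real database.
// In the application the value would come from $_SERVER['HTTP_X_FORWARDED_FOR'] ?? null.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (ip TEXT NOT NULL, content TEXT NOT NULL)');

// Constructed header values: two valid addresses and three that must be rejected.
$samples = [
    '203.0.113.7',
    '2001:db8::1',
    "203.0.113.7' OR '1'='1",
    '203.0.113.7, 10.0.0.1',
    '',
];
foreach ($samples as $value) {
    $ok = save_message($db, $value, 'hello');
    printf("%-28s => %s\n", var_export($value, true), $ok ? 'stored' : 'rejected');
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM messages')->fetchColumn(), "\n";
```

A value that passes this check is well-formed but still chosen by the client, so it should not be relied on for access control or rate limiting; $_SERVER['REMOTE_ADDR'] is the address of the actual TCP peer.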