PHP uses curl to forge IP addresses and routes. Counterfeit files: 1.php? Php $ chcurl_init (); curl_setopt ($ ch, CURLOPT_URL, localhost2.php); curl_setopt ($ ch, CURLOPT_HTTPHEADER, array (X-FORWARDED-FOR: 8.8.8.8
Effect
Forged File: 1.php
$ Ch = curl_init ();
Curl_setopt ($ ch, CURLOPT_URL, "http: // localhost/2.php ");
Curl_setopt ($ ch, CURLOPT_HTTPHEADER, array ('x-FORWARDED-FOR: 8.8.8.8 ', 'client-IP: 8.8.8.8'); // Construct an IP address
Curl_setopt ($ ch, CURLOPT_REFERER, "http://www.xssxss.com/"); // Construct a path
Curl_setopt ($ ch, CURLOPT_HEADER, 1 );
$ Out = curl_exec ($ ch );
Curl_close ($ ch );
?>
Script 2.php for viewing results
Function getClientIp (){
If (! Empty ($ _ SERVER ["HTTP_CLIENT_IP"])
$ Ip = $ _ SERVER ["HTTP_CLIENT_IP"];
Else if (! Empty ($ _ SERVER ["HTTP_X_FORWARDED_FOR"])
$ Ip = $ _ SERVER ["HTTP_X_FORWARDED_FOR"];
Else if (! Empty ($ _ SERVER ["REMOTE_ADDR"])
$ Ip = $ _ SERVER ["REMOTE_ADDR"];
Else
$ Ip = "err ";
Return $ ip;
}
Echo "IP:". getClientIp ()."";
Echo "referer:". $ _ SERVER ["HTTP_REFERER"];
From www.xssxss.com/fuck/519.xss
Ghost Files: 1.php? Php $ ch = curl_init (); curl_setopt ($ ch, CURLOPT_URL, http: // localhost/2.php); curl_setopt ($ ch, CURLOPT_HTTPHEADER, array (X-FORWARDED-FOR: 8.8.8...