This repository has been archived by the owner on May 18, 2024. It is now read-only.

ip blacklist bypass vulnerability #604

Open
Shydlock opened this issue Dec 28, 2022 · 0 comments
@Shydlock
ip blacklist bypass vulnerability

Process

  1. Set up an IP blacklist for 127.0.0.1 (due to the existence of a system bug, only 27.0.0.1 can be set here, but it is limited to 127.0.0.1)

  2. Re-visit the page and find that it has been restricted by the ip blacklist

  3. But here you can bypass the blacklist restriction by setting the X-Real-IP request header

Key issues in the code

  1. ipAddress() in com.blade.kit.WebKit

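The trust problem reported above, as an added example that is not part of the original issue and is not Blade's code: a header-first client IP lookup next to one that honours `X-Real-IP` only when the TCP peer is a known reverse proxy. The class `ClientIpResolver`, its method names, the deny list and the proxy address `10.0.0.5` are all hypothetical and constructed for the demo.

```java
import java.util.Map;
import java.util.Set;

public class ClientIpResolver {
    // Constructed deny list and proxy list (assumptions, not Blade configuration).
    static final Set<String> DENY_LIST = Set.of("127.0.0.1");
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    // Weak pattern: a client-supplied header wins over the socket address,
    // so whoever sends the request chooses the address the deny list sees.
    static String headerFirst(Map<String, String> headers, String socketAddr) {
        String real = headers.get("X-Real-IP");
        return (real != null && !real.isBlank()) ? real.trim() : socketAddr;
    }

    // Hardened pattern: the header is read only when the TCP peer is a proxy
    // we operate; for every other peer the socket address is authoritative.
    static String peerAware(Map<String, String> headers, String socketAddr) {
        if (!TRUSTED_PROXIES.contains(socketAddr)) {
            return socketAddr;
        }
        String real = headers.get("X-Real-IP");
        return (real != null && !real.isBlank()) ? real.trim() : socketAddr;
    }

    static boolean denied(String ip) {
        return DENY_LIST.contains(ip);
    }

    public static void main(String[] args) {
        // Constructed request: direct connection from a denied address with a forged header.
        // (A real server exposes headers case-insensitively; a plain Map is used for brevity.)
        Map<String, String> forged = Map.of("X-Real-IP", "203.0.113.7");
        String peer = "127.0.0.1";
        System.out.println("header-first denied: " + denied(headerFirst(forged, peer)));
        System.out.println("peer-aware denied:   " + denied(peerAware(forged, peer)));

        // Constructed request: the trusted proxy relays a denied client's address.
        Map<String, String> proxied = Map.of("X-Real-IP", "127.0.0.1");
        System.out.println("via proxy denied:    " + denied(peerAware(proxied, "10.0.0.5")));
    }
}
```

The proxy in front of the application must also overwrite any `X-Real-IP` value received from the client, otherwise the forged value is relayed through the trusted hop.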
