I noticed that some programs, such as Discuz, resolve the client IP by checking $_SERVER['HTTP_CLIENT_IP'] first, then $_SERVER['HTTP_X_FORWARDED_FOR'], and only then $_SERVER['REMOTE_ADDR']. Testing showed that both $_SERVER['HTTP_CLIENT_IP'] and $_SERVER['HTTP_X_FORWARDED_FOR'] can be forged. getenv('HTTP_CLIENT_IP') and getenv('HTTP_X_FORWARDED_FOR') behave the same way.
PHP code
<?php
// Open a raw TCP connection to the local web server and hand-build the request,
// so that arbitrary request headers can be sent.
$fp = fsockopen("localhost", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "{$errstr} ({$errno})<br />\n";
    exit;
}
$out = "GET /xuance/tttt.php HTTP/1.1\r\n";
$out .= "...
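To make the defensive point concrete, here is an added example (not code from the original post or from Discuz) that places the header-first lookup described above beside a hardened version. The hardened version trusts REMOTE_ADDR, which is the TCP peer and cannot be set by a request header, and only consults X-Forwarded-For when that peer is one of a list of known proxies; the proxy addresses and the sample requests are constructed placeholders.

```php
<?php
// Added example, not code from the original post or from Discuz.
// Assumes the app is reached only through the proxies listed below
// (constructed placeholder addresses); adjust for your deployment.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Header-first lookup as described above: Client-IP and X-Forwarded-For
// are plain request headers, so any client can set them to anything.
function client_ip_naive(array $server): string
{
    return $server['HTTP_CLIENT_IP']
        ?? $server['HTTP_X_FORWARDED_FOR']
        ?? $server['REMOTE_ADDR'];
}

// Hardened lookup. REMOTE_ADDR is the TCP peer and is not forgeable by a
// header. X-Forwarded-For is consulted only when that peer is a trusted
// proxy, and it is read right to left: proxies append the address they
// saw, so the right-most non-proxy entry is the real client, while any
// left-hand entries may have been supplied by the client itself.
function client_ip_safe(array $server): string
{
    $remote = $server['REMOTE_ADDR'];
    if (!in_array($remote, TRUSTED_PROXIES, true)) {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (in_array($hops[$i], TRUSTED_PROXIES, true)) {
            continue;
        }
        $ok = filter_var($hops[$i], FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE);
        return $ok !== false ? $ok : $remote;  // malformed hop: fall back
    }
    return $remote;
}

// Constructed requests: a direct connection carrying forged headers, and
// one relayed by a trusted proxy that appended its own address.
$forged = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CLIENT_IP' => '127.0.0.1',
           'HTTP_X_FORWARDED_FOR' => '192.0.2.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5',
            'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.9, 10.0.0.6'];

printf("naive forged:  %s\n", client_ip_naive($forged));
printf("safe  forged:  %s\n", client_ip_safe($forged));
printf("safe  proxied: %s\n", client_ip_safe($proxied));
```

For the direct connection, the naive lookup reports the header value while the hardened one reports the real peer; for the proxied request, the hardened lookup skips the proxy-appended hop and the client-supplied left-hand entry and returns the address the trusted proxy actually saw.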