Open Shydlock opened 1 year ago
ip blacklist bypass vulnerability
Process
Set up an IP blacklist for 127.0.0.1 (due to the existence of a system bug, only 27.0.0.1 can be set here, but it is limited to 127.0.0.1)
Re-visit the page and find that it has been restricted by the IP blacklist
But here you can bypass the blacklist restriction by setting the X-Real-IP request header
Key issues in the code
ipAddress() in com.blade.kit.WebKit
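An added example, not part of the original issue and not Blade's source code: it contrasts a resolver that prefers the client-supplied X-Real-IP header (assumed here to be the pattern behind the reported behaviour) with one that honours the header only when the direct peer is a configured reverse proxy. The class name, method names, the `trustedProxies` parameter and the sample request are hypothetical.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.Set;

// Added illustration, not Blade's source; class and method names are hypothetical.
public class ClientIpResolver {

    // Assumed pattern behind the report: a client-supplied header overrides the socket peer.
    static String headerFirstIp(Map<String, String> headers, String socketPeer) {
        String h = headers.get("X-Real-IP");
        return (h != null && !h.isEmpty()) ? h : socketPeer;
    }

    // Hardened: use X-Real-IP only when the direct peer is a configured reverse proxy
    // and the value is an IP literal; otherwise fall back to the socket peer.
    static String proxyAwareIp(Map<String, String> headers, String socketPeer, Set<String> trustedProxies) {
        String h = headers.get("X-Real-IP");
        if (h == null || !trustedProxies.contains(socketPeer)) return socketPeer;
        h = h.trim();
        return isIpLiteral(h) ? h : socketPeer;
    }

    static boolean isIpLiteral(String s) {
        if (s.matches("(25[0-5]|2[0-4]\\d|1?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|1?\\d?\\d)){3}")) return true;
        // Hex digits and colons only, with at least one colon: parsed as IPv6, no DNS lookup.
        if (!s.matches("[0-9a-fA-F:]+") || !s.contains(":")) return false;
        try {
            InetAddress.getByName(s);
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Set<String> blacklist = Set.of("127.0.0.1");
        // Constructed request: direct connection from 127.0.0.1 carrying a forged header.
        Map<String, String> headers = Map.of("X-Real-IP", "203.0.113.9");
        String peer = "127.0.0.1";

        String a = headerFirstIp(headers, peer);
        String b = proxyAwareIp(headers, peer, Set.of()); // no reverse proxy deployed
        System.out.println("header-first: " + a + " blocked=" + blacklist.contains(a));
        System.out.println("proxy-aware:  " + b + " blocked=" + blacklist.contains(b));
    }
}
```

The header lookup uses an exact-case map key for brevity; a real request object resolves header names case-insensitively.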