URL:http://120.24.86.145:8002/web15/
直接给出了源码:
1 <?php 2 error_reporting(0); 3 4 function getIp(){ 5 $ip = ''; 6 if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){ 7 $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; 8 }else{ 9 $ip = $_SERVER['REMOTE_ADDR']; 10 } 11 $ip_arr = explode(',', $ip); 12 return $ip_arr[0]; 13 14 } 15 16 $host="localhost"; 17 $user=""; 18 $pass=""; 19 $db=""; 20 21 $connect = mysql_connect($host, $user, $pass) or die("Unable to connect"); 22 23 mysql_select_db($db) or die("Unable to select database"); 24 25 $ip = getIp(); 26 echo 'your ip is :'.$ip; 27 $sql="insert into client_ip (ip) values ('$ip')"; 28 mysql_query($sql);
由上可以发现,在11行的时候$ip被截取了.explode函数的作用是按规则拆分为数组.例如:explode(" ",$str)
如此可以想象到的是注入,且是没有逗号的注入方法.