ip blacklist bypass vulnerability

# ip blacklist bypass vulnerability

## Process

1. Set up ip blacklist for 127.0.0.1（Due to the existence of a system bug, only 27.0.0.1 can be set here, but it is limited to 127.0.0.1）

	![image-20221228143409429](http://img.liu.he.cn/i/2022/12/28/63abe365bacee.png)

2. Re-visit the page and find that it has been restricted by the ip blacklist

	![image-20221228143545991](http://img.liu.he.cn/i/2022/12/28/63abe3c4b8cc7.png)

	![image-20221228143614180](http://img.liu.he.cn/i/2022/12/28/63abe3e08f7d5.png)

3. But here you can bypass the blacklist restriction by setting the X-Real-IP request header

	![image-20221228143727705](http://img.liu.he.cn/i/2022/12/28/63abe42adaf09.png)

## Key issues in the code

1. `ipAddress()` in `com.blade.kit.WebKit`

	![image-20221228144054228](http://img.liu.he.cn/i/2022/12/28/63abe4f9be2f2.png)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ip blacklist bypass vulnerability #604

ip blacklist bypass vulnerability

Process

Key issues in the code

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ip blacklist bypass vulnerability #604

Description

ip blacklist bypass vulnerability

Process

Key issues in the code

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions