The 9th Yuwang Cup (御网杯) Cybersecurity Competition: Offline Semi-Final Writeup
I. Web_Writeup

1. Web-IP Bypass

Open the instance and download the attached source code.

Code audit: the script checks whether the incoming HTTP_CLIENT_IP is 1.2.3.4. The username is admin and the password is admin123.

    <?php
    header('Content-Type: text/html; charset=utf-8');
    // HTTP_CLIENT_IP is populated from the request's Client-IP header
    $cip = $_SERVER['HTTP_CLIENT_IP'];
    if ($cip != "1.2.3.4") {
        echo "非法IP地址,只有1.2.3.4才能访问!";
        exit();
    }
    $username = $_POST['username'];
    $password = $_POST['password'];
    if ($username === "admin" && $passwo...
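
A hardened form of the IP check audited above, as an added example that is not part of the original writeup or the challenge source. Because `$_SERVER['HTTP_CLIENT_IP']` is filled from a request header, the allow-list decision here uses `REMOTE_ADDR` and honours `X-Forwarded-For` only when the direct peer is a trusted proxy. The function names, the trusted-proxy list and the sample addresses are assumptions constructed for illustration.

```php
<?php
// Added example (not the challenge's code): allow-list check that does not
// trust client-supplied headers such as Client-IP.

/**
 * Resolve the client address. Forwarding headers are honoured only when the
 * direct TCP peer is a proxy we operate (hypothetical $trustedProxies list).
 */
function resolve_client_ip(array $server, array $trustedProxies = []): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: ignore every client-supplied header
    }
    // Behind our own proxy: walk X-Forwarded-For right to left and take the
    // first hop that is not one of our proxies.
    $chain = explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '');
    foreach (array_reverse(array_map('trim', $chain)) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

function is_allowed(array $server, array $allowList, array $trustedProxies = []): bool
{
    return in_array(resolve_client_ip($server, $trustedProxies), $allowList, true);
}

// Constructed request data, not taken from the page.
$headerOnly = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_CLIENT_IP' => '1.2.3.4'];
$genuine    = ['REMOTE_ADDR' => '1.2.3.4'];
$proxied    = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 1.2.3.4'];

var_dump(is_allowed($headerOnly, ['1.2.3.4']));            // Client-IP header is ignored
var_dump(is_allowed($genuine, ['1.2.3.4']));               // decided on the peer address
var_dump(is_allowed($proxied, ['1.2.3.4'], ['10.0.0.5'])); // hop appended by our proxy
```

An IP allow-list of this kind is a secondary control; the login itself still depends on the credentials not being hardcoded in source that clients can download.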