更新於 2017-05-19 18:59:14

這其實是個老梗，很久以前就知道了。今天又突然想到，發篇文章好了。

很多網站上的程式教學都是錯誤的，取得IP方法用get Header 的 Client-IP 及 X-Forwarded-For。

真的是禍害，Header是可以給用戶隨意變更的。

我修改了 Header 在網站上隨意搜尋 What is my ip ?。

結果大部分網站都有問題！

我怎麼改，網站就怎麼顯示，怎麼都對。如果今天我把Header改成<script>標籤，不就造成了XSS攻擊漏洞？改成SQL語法，造成SQL注入漏洞。

只是剛好想到，之前也沒發過類似的文章，補發。

This entry was posted in General, Experience, HTML, The Internet, PHP By Weil Jimmer.

About Weil Jimmer

Hi! Everyone! My name is Weil Jimmer. This is my personal blog. I'm a webmaster of this site. I hope the site will be popular. Now, Let's go! Enjoy gaining more knowledge.
More Details About Me : https://weils.net/profile.php

Visitor Count

nonenonenone

Note

台灣假新聞橫行，沒一家霉體能信的，網軍側翼到處洗風向，堪憂。

毋忘初心，
絕不利慾薰心。

支持網路中立性.
Support Net Neutrality.

飽暖思淫欲，
饑寒起盜心。

支持臺灣實施無條件基本收入！

歡迎前來本站。

Words Quiz

Search

Music

Blogging Journey

4465days

since our first blog post.

The strong do what they can and the weak suffer what they must.

Privacy is your right and ability to be yourself and express yourself without the fear that someone is looking over your shoulder and that you might be punished for being yourself, whatever that may be.

It is quality rather than quantity that matters.

I WANT Internet Freedom.

Reality made most of people lost their childishness.

Justice,Freedom,Knowledge.

Without music life would be a mistake.

Support/Donate

This site also need a little money to maintain operations, not entirely without any cost in the Internet. Your donations will be the best support and power of the site.
Method	Bitcoin Address


Linode