Matching IP addresses with ereg regular expressions in PHP

Time:2021-10-9

Let’s start with a code snippet:

The code is as follows:
$ip = "1.1.1.255".chr(0)."haha";
// The pattern is meant to allow only values of the form xxx.xxx.xxx.xxx
if (ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip)) {
        echo $ip;
} else {
        echo "unknown";
}

This ereg regular expression restricts the value of $ip to the form xxx.xxx.xxx.xxx. On the surface, the above code should output "unknown", but it actually outputs "1.1.1.255haha". The ereg function has a null truncation vulnerability: it stops reading the string at the null byte, so only "1.1.1.255" is matched against the pattern and the regular-expression filter is bypassed.

To use this, \x00 (%00) must be introduced into the input. When GPC (magic_quotes_gpc) is on, %00 is escaped and cannot be used. But what if the data handled by ereg() comes from $_SERVER (GPC can be bypassed under PHP5), or data that has been escaped by GPC is then processed by functions such as urldecode? For example, some programs use the above method to verify an IP submitted via $_SERVER; then we can use null truncation to bypass the regular-expression filter and construct the data we need :)
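
The following is an added example, not part of the original article. Because ereg() was removed in PHP 7.0, it emulates the truncation described above and sets it beside a binary-safe check of the same input. The function names ereg_like_check and is_valid_ipv4 and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original article. Function names are hypothetical.

// Emulates the behaviour the article describes for ereg(): the pattern is
// applied only to the bytes that precede the first NUL byte.
function ereg_like_check(string $ip): bool
{
    $seen = explode("\0", $ip, 2)[0];   // what a C-string matcher would see
    return preg_match(
        '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/D',
        $seen
    ) === 1;
}

// Binary-safe validation: the whole string is inspected, control bytes are
// rejected up front, and filter_var() range-checks every octet.
function is_valid_ipv4(string $ip): bool
{
    if (strlen($ip) > 15 || preg_match('/[\x00-\x1f\x7f]/', $ip)) {
        return false;
    }
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

// Constructed sample inputs.
$samples = [
    'plain'        => '1.1.1.255',
    'nul + suffix' => "1.1.1.255" . chr(0) . "haha",   // the article's input
    'octet > 255'  => '1.1.1.999',                     // passes the page's pattern
];

foreach ($samples as $label => $ip) {
    printf(
        "%-13s ereg-like=%-5s hardened=%-5s %s\n",
        $label,
        var_export(ereg_like_check($ip), true),
        var_export(is_valid_ipv4($ip), true),
        addcslashes($ip, "\0..\37")     // render control bytes visibly
    );
}
```

Validating the value where it is used, rather than relying on GPC escaping at the request boundary, also covers data that arrives through $_SERVER or is decoded again after escaping.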