X-Forwarded-For HTTP header Security Bypass

Description

This directory normally returns a 403 Forbidden HTTP status code. Acunetix WVS managed to bypass this restriction by spoofing the "X-Forwarded-For" HTTP header, setting it to various internal IP addresses.


Impact
A remote attacker could exploit this vulnerability by spoofing an "X-Forwarded-For" HTTP header to bypass the IP address-based Access Control List (ACL) checks.

Recommendation
The X-Forwarded-For HTTP header should not be used for any Access Control List (ACL) checks because it can be set to any value by the client. Use the real IP address of the connecting peer for this type of restriction.
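The bypass and the recommended fix side by side, as an added Python example that is not from the Acunetix page: `vulnerable_acl` derives the client address from X-Forwarded-For, while `hardened_acl` uses the TCP peer address and honours the header only when the peer is a known reverse proxy. The network ranges, the proxy address and the function names are assumptions made for this illustration.

```python
# Added example: an IP-based ACL that trusts X-Forwarded-For (bypassable) beside
# one that uses the TCP peer address and only honours the header from a known
# reverse proxy. ALLOWED_NETS, TRUSTED_PROXIES and the function names are
# constructed for this illustration, not taken from the original page.
import ipaddress

ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("127.0.0.0/8")]
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}  # our only reverse proxy


def _allowed(ip: str) -> bool:
    """True when ip falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)


def vulnerable_acl(headers: dict, remote_addr: str) -> int:
    """Returns 200 or 403. Trusts X-Forwarded-For blindly, so any client
    can claim an internal address simply by sending the header."""
    client = headers.get("X-Forwarded-For", remote_addr).split(",")[0].strip()
    return 200 if _allowed(client) else 403


def hardened_acl(headers: dict, remote_addr: str) -> int:
    """Returns 200 or 403. The decision is based on the socket peer address;
    only when the peer is a trusted proxy is the address that proxy appended
    (the last X-Forwarded-For entry) used instead."""
    peer = ipaddress.ip_address(remote_addr)
    if peer in TRUSTED_PROXIES:
        xff = headers.get("X-Forwarded-For", "")
        if not xff:
            return 403  # the proxy always appends the header; absence fails closed
        # The proxy appends the address it saw to the END of the list; any
        # earlier entries were supplied by the client and are ignored.
        client = xff.split(",")[-1].strip()
    else:
        client = remote_addr  # direct connection: the header carries no trust
    try:
        return 200 if _allowed(client) else 403
    except ValueError:
        return 403  # malformed address in the header: fail closed
```

The first assertion below reproduces the finding in the description: a direct external connection with a forged header is admitted by the vulnerable check and rejected by the hardened one.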

References
Anatomy of an Attack: How I Hacked StackOverflow