Description
This directory normally returns a 403 Forbidden HTTP status code. Acunetix managed to bypass this restriction by spoofing the "X-Forwarded-For" HTTP header, setting it to various internal IP addresses.
Remediation
The X-Forwarded-For HTTP header should not be used for any Access Control List (ACL) checks because it can be spoofed by attackers. Use the real IP address for this type of restriction.
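The weak check beside a corrected one, as an added example (not Acunetix's or any product's code). It goes slightly beyond the text by covering a site that sits behind its own reverse proxy: the header is read only when the TCP peer is that proxy, and then from right to left. All addresses, network ranges and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the page).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # the site's own reverse proxy


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def vulnerable_is_allowed(peer_ip, headers):
    """Weak ACL: believes whatever the client put in X-Forwarded-For."""
    claimed = headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()
    try:
        return _in_any(ipaddress.ip_address(claimed), INTERNAL_NETS)
    except ValueError:
        return False


def real_client_ip(peer_ip, headers, trusted_proxies=TRUSTED_PROXIES):
    """Return the address to use for ACL decisions, or None if unknown.

    The TCP peer address is authoritative. X-Forwarded-For is consulted only
    when the peer is a trusted proxy, and is then read right to left, stopping
    at the first hop that is not itself a trusted proxy.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, trusted_proxies):
        return peer  # direct connection: ignore the header entirely
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            return None  # missing or malformed entry: fail closed
        if not _in_any(candidate, trusted_proxies):
            return candidate
    return None  # chain held only proxies: no client address known


def hardened_is_allowed(peer_ip, headers):
    """ACL decision based on the real client address; deny when unknown."""
    ip = real_client_ip(peer_ip, headers)
    return ip is not None and _in_any(ip, INTERNAL_NETS)
```

The header lookup here is a plain dictionary access; a real framework's header object is case-insensitive, and the peer address must come from the socket, not from any request field.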