Description

This directory normally returns a 403 Forbidden HTTP status code. Invicti managed to bypass this restriction by spoofing the "X-Forwarded-For" HTTP header and set various internal IP addresses.

Remediation

X-Forwarded-For HTTP header should not be used for any Access Control List (ACL) checks because it can be spoofed by attackers. Use the real IP address for this type of restrictions.

References

Anatomy of an Attack: How I Hacked StackOverflow

Related Vulnerabilities

WordPress Plugin WP Maintenance Mode & Site Under Construction Security Bypass (1.8.1)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (3.4.8)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (1.3.75)

RoR Development Mode enabled

WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Authentication Bypass Api Misconfiguration