minor correction
parent 7af76c4c57
commit c850513286
@ -60,7 +60,7 @@ This is the response you get if you try going to http://fzorb.xyz/. It redirects
We had more "humble" motive. The website in question checked your IP address before accessing the website so it wouldn't be from a certain country to join a Discord guild in order to prevent someone from joining. I found this absurd so I came up with the attack vector, and my friend did the actual exploiting of this vulnerability. This was used to prevent geoblocking. But this could also be used in worse ways, such as impersonating admins on a forum for example. In fact, Stack Overflow in its early days determined admins by their IP address, which in this case was 127.0.0.1. This is not secure at all.
## So how does this work?
The webserver knows your IP address via a header called X-Forwarded-For. Cloudflare doesn't use that header, instead using CF-Connecting-IP. In the absence of Cloudflare, you can set CF-Connecting-IP to any value you want and the Webserver will think it is valid. You could set your ip to values like `1.1.1.1`, `1.3.3.7`, `69.69.69.69`, or even `420.420.420.420`, and the webserver can't know any better.
The webserver knows your IP address via a header called X-Forwarded-For. Cloudflare doesn't use that header, instead using CF-Connecting-IP. In the absence of Cloudflare, you can set CF-Connecting-IP to any value you want and the Webserver will think it is valid. You could set your ip to values like `1.1.1.1`, `1.3.3.7`, `69.69.69.69`, or maybe even `420.420.420.420`, and the webserver can't know any better.
## How do I mitigate it?
You can mitigate it via numerous ways. Here are the 2 ways you can do that:
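Review bot: the unchanged line under "So how does this work?" misstates where the IP address comes from, and the -/+ change only hedges the example addresses ("or even" to "or maybe even") without fixing that sentence. The origin server learns the client address from the TCP connection; X-Forwarded-For and CF-Connecting-IP are headers a proxy adds, and the weakness is that the origin honours whichever of those headers the client itself sends when the request never passed through Cloudflare. Suggest rewording to something like "If the origin trusts CF-Connecting-IP without checking that the connection actually came from one of Cloudflare's published IP ranges, a client that reaches the origin directly can set the header to any value." On the changed line itself, `420.420.420.420` is not a valid IPv4 address, so whether the origin accepts it depends on how it parses the header; "maybe even" is the right hedge, but it would help to say that this is why.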