Trusting insecure IP source
The function getip() accepts HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR without any condition. They’re user-modifiable HTTP headers; anyone with little knowledge can abuse this.
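One way a client-IP lookup can avoid the problem described in the post, shown as an added example that is not the plugin's code. `resolve_client_ip()`, `is_trusted_proxy()` and the trusted-proxy list are hypothetical names, and the sample addresses are constructed from documentation ranges.

```php
<?php
// Added example, not the plugin's getip(). All names and addresses are hypothetical.

/** True if $ip is a reverse proxy we operate (exact match, for brevity). */
function is_trusted_proxy(string $ip, array $trusted): bool {
    return in_array($ip, $trusted, true);
}

/**
 * Resolve the client IP from a $_SERVER-style array.
 * REMOTE_ADDR is the TCP peer, the one value a client cannot set with a header.
 * X-Forwarded-For is honoured only when that peer is a trusted proxy, and is
 * walked right to left, stopping at the first hop that is not one of our proxies.
 * HTTP_CLIENT_IP is never consulted.
 */
function resolve_client_ip(array $server, array $trusted): ?string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (!is_trusted_proxy($peer, $trusted) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct connection: forwarded headers are ignored
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!is_trusted_proxy($hop, $trusted)) {
            return $hop; // first address not added by our own infrastructure
        }
    }
    return $peer; // every hop was one of our proxies
}

// Constructed sample requests.
$trusted = ['192.0.2.10'];
$direct  = ['REMOTE_ADDR' => '203.0.113.7',
            'HTTP_CLIENT_IP' => '127.0.0.1',
            'HTTP_X_FORWARDED_FOR' => '10.0.0.1'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10',
            'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.23'];

var_dump(resolve_client_ip($direct, $trusted));  // headers from an untrusted peer
var_dump(resolve_client_ip($proxied, $trusted)); // chain appended to by our proxy
```

A production version would match proxies by CIDR range rather than exact address.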