by MajesticHobo2
322 days ago
XFF handling is the bug that keeps on giving. I'd estimate I've seen incorrect parsing of it in at least half of the web applications I've audited professionally. The funniest is when the app renders user IP addresses somewhere and you can get XSS through it.
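A defensive way to handle the two failure modes the comment above describes (trusting client-supplied X-Forwarded-For entries, and rendering the result unescaped), as an added example that is not part of the original comment. The trusted proxy ranges and the function names `client_ip` and `render_ip_cell` are assumptions constructed for illustration.

```python
import html
import ipaddress

# Assumption: our own reverse proxies live in these ranges (constructed values).
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.10/32"),
]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_values):
    """Pick the client address from the TCP peer and all X-Forwarded-For values.

    peer_addr  -- address of the socket peer, as a string
    xff_values -- every X-Forwarded-For header value received, in order
    """
    peer = ipaddress.ip_address(peer_addr)
    # An untrusted peer wrote the header itself, so the header is ignored.
    if not _is_trusted(peer):
        return str(peer)
    # Merge repeated headers, then walk right to left: only entries appended
    # by our own proxies are reliable, so stop at the first untrusted hop.
    hops = [h.strip() for value in xff_values for h in value.split(",")]
    candidate = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Not an IP literal (markup, hostname, "unknown"): keep the last
            # validated address instead of passing the raw string along.
            break
        candidate = addr
        if not _is_trusted(addr):
            break
    return str(candidate)


def render_ip_cell(peer_addr, xff_values):
    # Escape at output even though the value was validated (defence in depth).
    return "<td>" + html.escape(client_ip(peer_addr, xff_values)) + "</td>"
```

The value returned is always a parsed IP literal, so the left-most, client-controlled part of the header never reaches logs, access decisions or templates as raw text.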