A software engineer with 10 years of experience who also has the hacker spirit. Found vulnerabilities in Slack, Google, and Facebook.
In this session, I'll explain the meaning and purpose of the different X-Forwarded-XXX headers. Next, I'll show how an attacker can bypass an application's IP ban through a wrong X-Forwarded-For setting, or even get another victim's IP banned. Last, I'll demo the blind SSRF vulnerabilities I found in Slack, which were due to a misconfigured X-Forwarded-Host setting. It should help everyone learn more about the X-Forwarded-XXX headers.
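As an added illustration of the X-Forwarded-For misconfiguration the talk covers (example code written here, not the speaker's): a naive client-IP lookup that trusts the leftmost X-Forwarded-For entry, beside a hardened one that only skips hops belonging to a known proxy. The proxy address, the banned address and the header values are constructed.

```python
# Added example (not from the talk): deriving the client IP for an IP-ban
# check from X-Forwarded-For. The naive version trusts whatever the client
# sends; the hardened version walks the chain from the right and only
# skips hops that are known, trusted proxies.
import ipaddress

# Constructed sample: the app sits behind one reverse proxy at 10.0.0.5,
# and 203.0.113.9 is an address the app has banned.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
BANNED = {ipaddress.ip_address("203.0.113.9")}


def parse_xff(header):
    """Split an X-Forwarded-For value into addresses, left (client) to right (last proxy)."""
    out = []
    for part in (header or "").split(","):
        part = part.strip()
        if part:
            try:
                out.append(ipaddress.ip_address(part))
            except ValueError:
                continue  # ignore junk entries rather than crashing
    return out


def client_ip_naive(remote_addr, xff):
    """Misconfigured: take the leftmost XFF entry, which the client controls."""
    hops = parse_xff(xff)
    return hops[0] if hops else ipaddress.ip_address(remote_addr)


def client_ip_hardened(remote_addr, xff):
    """Walk right-to-left starting from the TCP peer; stop at the first hop
    that is not a trusted proxy. Entries further left were supplied by the
    client (or by proxies we do not operate) and are never consulted."""
    chain = parse_xff(xff) + [ipaddress.ip_address(remote_addr)]
    for hop in reversed(chain):
        if hop not in TRUSTED_PROXIES:
            return hop
    return chain[-1]  # every hop trusted: fall back to the peer address


def is_banned(ip):
    """The ban check itself; only as good as the IP it is handed."""
    return ip in BANNED
```

With the naive lookup, a client connecting directly can name any address in the header and have it banned (or avoid its own ban); the hardened lookup ignores the header unless the connection actually arrived from a trusted proxy.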