X-Forwarded-For does insecure internal DNS lookups for user-provided hosts

Open tenor-dev opened this issue 2 years ago • 0 comments

An attacker can put a DNS name into the X-Forwarded-For header and Ninja would do a DNS lookup of it.

The code responsible is in AbstractContext.getRemoteAddr:

    // If ip4/6 address string handed over, simply does pattern validation.
    InetAddress.getByName(forwardHeader);

So, contrary to the comment, getByName doesn't do a simple validation, but also does a DNS lookup if the provided value is not an IP address. This code is irrelevant and should be removed.

tenor-dev avatar Sep 26 '22 07:09 tenor-dev
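A non-resolving way to handle the header value described above, as an added example that is not Ninja's own code: on Java 22 and later, InetAddress.ofLiteral parses IP literals only and throws IllegalArgumentException for anything else, so a DNS name planted in X-Forwarded-For is rejected without a resolver round trip. The class and method names are illustrative.

```java
import java.net.InetAddress;

// Illustrative helper, not Ninja's AbstractContext.
public final class ForwardedAddr {

    /**
     * Returns the first X-Forwarded-For hop if it is an IPv4/IPv6 literal,
     * otherwise falls back to the socket peer address.
     *
     * Unlike InetAddress.getByName, InetAddress.ofLiteral (Java 22+) never
     * consults DNS: a value that is not an address literal fails fast with
     * IllegalArgumentException instead of triggering an internal lookup of an
     * attacker-chosen hostname.
     */
    public static String remoteAddr(String forwardedFor, String peerAddr) {
        if (forwardedFor == null || forwardedFor.isBlank()) {
            return peerAddr;
        }
        // X-Forwarded-For is a comma-separated chain; the left-most entry is the client.
        String first = forwardedFor.split(",", 2)[0].trim();
        try {
            return InetAddress.ofLiteral(first).getHostAddress();
        } catch (IllegalArgumentException e) {
            // Not an IP literal (for example a DNS name): ignore the header entirely.
            return peerAddr;
        }
    }

    public static void main(String[] args) {
        // Constructed sample header values.
        String peer = "10.0.0.1";
        System.out.println(remoteAddr("203.0.113.7, 10.0.0.1", peer));   // literal accepted
        System.out.println(remoteAddr("2001:db8::1", peer));             // IPv6 literal accepted
        System.out.println(remoteAddr("lookup-me.example", peer));       // hostname rejected, peer used
        System.out.println(remoteAddr(null, peer));                      // header absent, peer used
    }
}
```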