XFileSharing Free - Hacked or Bug?

Jing
Posts: 6
Joined: Mar 15, 2008 11:07 pm

Hacked or Bug?

#1 Postby Jing » Mar 19, 2008 10:20 pm

I recently received uploads from IP address 127.0.0.1. And that's quite impossible because that's the local IP address of the server. So I'm wondering if there is a bug or is there an exploit for the script?

Here's a screenshot.

Image

Thanks!

PilgrimX182
Posts: 2186
Joined: Mar 22, 2006 1:39 pm

#2 Postby PilgrimX182 » Mar 20, 2008 8:30 am

Don't think it's a hack. We use the HTTP_X_FORWARDED_FOR header to get the IP if available (allows getting the IP behind the proxy) - I guess this dude just uses a local proxy on his computer.

If you would like to use the standard method, you can find in Session.pm

Code:

return $ENV{HTTP_X_FORWARDED_FOR} || $ENV{REMOTE_ADDR};

and replace with

Code:

return $ENV{REMOTE_ADDR};
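
An added example, not part of the original posts and not XFileSharing's own code: a Perl middle ground between the two lines above, which honours HTTP_X_FORWARDED_FOR only when REMOTE_ADDR is a reverse proxy you operate yourself, since the header is otherwise whatever the client chose to send. The function names, the %TRUSTED_PROXY allow-list and the sample addresses are assumptions, and only IPv4 is handled.

```perl
use 5.010;
use strict;
use warnings;

# Hypothetical allow-list: addresses of reverse proxies you run yourself.
my %TRUSTED_PROXY = map { $_ => 1 } qw(10.0.0.5);

# True only for a syntactically valid dotted-quad IPv4 address.
sub is_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Address to record for a request, given a CGI-style environment hash.
sub client_ip {
    my ($env) = @_;
    my $peer = $env->{REMOTE_ADDR};
    # The header only means something when the TCP peer is one of our proxies.
    return $peer unless defined $peer && $TRUSTED_PROXY{$peer};
    # Walk the chain right to left: the rightmost entries were appended by
    # our own proxies, anything further left is client-supplied.
    for my $hop (reverse split /\s*,\s*/, $env->{HTTP_X_FORWARDED_FOR} // '') {
        (my $ip = $hop) =~ s/\A\s+|\s+\z//g;
        return $peer unless is_ipv4($ip);        # malformed entry: fall back
        return $ip   unless $TRUSTED_PROXY{$ip}; # first hop we do not control
    }
    return $peer;
}

# Constructed sample requests (not taken from the server in this thread).
my @requests = (
    # Direct connection whose header says 127.0.0.1, as in the report above.
    { REMOTE_ADDR => '203.0.113.7', HTTP_X_FORWARDED_FOR => '127.0.0.1' },
    # Relayed by our proxy, which appended the address it actually saw.
    { REMOTE_ADDR => '10.0.0.5', HTTP_X_FORWARDED_FOR => '127.0.0.1, 198.51.100.23' },
    # No header at all.
    { REMOTE_ADDR => '192.0.2.44' },
);
for my $env (@requests) {
    printf "%-12s xff=%-26s -> recorded as %s\n", $env->{REMOTE_ADDR},
        $env->{HTTP_X_FORWARDED_FOR} // '(none)', client_ip($env);
}
```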

Jing
Posts: 6
Joined: Mar 15, 2008 11:07 pm

#3 Postby Jing » Mar 21, 2008 2:51 am

Oh thanks. It got me worried for a while. :)