Open MikePfunk28 opened 1 year ago
Modify browse.php

Resolving the hostname using PHP’s gethostbyname before using the regular expression will eliminate this bypass.

```php
$URL['host'] = gethostbyname($URL['host']);

// Protect LAN from access through proxy (protected addresses copied from PHProxy)
if ( preg_match('#^(?:127\.|192\.168\.|10\.|172\.(?:1[6-9]|2[0-9]|3[01])\.|localhost)#i', $URL['host']) ) {
    error('banned_site', $URL['host']);
}
```

https://www.securify.nl/en/advisory/glype-proxy-local-address-filter-bypass/
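
A stricter form of the resolve-then-check fix above, as an added example that is not part of the original issue or Glype's code. The helper name `resolve_public_host()` and the sample hosts are assumptions; it fails closed when a name does not resolve, checks every returned IPv4 address, and uses PHP's built-in range flags instead of the regular expression.

```php
<?php
// Added example, not Glype's code. resolve_public_host() is a hypothetical helper.

/**
 * Resolve $host and return an IPv4 address that is safe to proxy to, or null
 * when the name does not resolve or any of its addresses is internal.
 */
function resolve_public_host(string $host): ?string
{
    // gethostbynamel() returns false on failure, so the check fails closed.
    // gethostbyname() instead hands back the unresolved name unchanged.
    $addresses = gethostbynamel($host);
    if ($addresses === false || $addresses === []) {
        return null;
    }

    // Built-in range flags: private (10/8, 172.16/12, 192.168/16) and
    // reserved (0/8, 127/8, 169.254/16, 240/4) IPv4 addresses fail validation.
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($addresses as $ip) {
        // One internal record is enough to reject the whole name.
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null;
        }
    }
    return $addresses[0];
}

// Constructed sample hosts; IP literals and localhost need no network access.
$samples = ['127.0.0.1', '10.1.2.3', '172.20.0.5', '192.168.1.10', 'localhost', '8.8.8.8'];
foreach ($samples as $host) {
    $ip = resolve_public_host($host);
    printf("%-14s %s\n", $host, $ip === null ? 'banned_site' : "allowed, connect to $ip");
}

// In browse.php the returned address, not the name, should be what the fetch
// connects to, for example through cURL's CURLOPT_RESOLVE ("host:port:ip"),
// so a second DNS lookup cannot return a different answer.
```

Both `gethostbynamel()` and the regular expression in the issue cover IPv4 only, so IPv6 destinations need a separate check.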