Origin IP Disclosure Vulnerability

## Summary: It is possible to access origin IP servers served by nginx and not cloudflare. Even though these IP's don't serve a functional version of the app it is possible to enable DDoS attacks by bypassing cloudflare protections. ## Steps To Reproduce: Even though these IP's don't serve a functional version of the app it is possible to enable DDoS attacks by bypassing cloudflare protections. * Go to censys.io * Search Keyword "sifchain.finance" --> https://censys.io/ipv4?q=sifchain.finance * Scroll Down below you found Original IP Revealed. i.e: 52.88.198.160 ## Supporting Material/References: This Link have Cloudflare WAF :- https://blockexplorer.sifchain.finance/ This Link bypass Cloudflare WAF :- 52.88.198.160 ## Impact * As Cloudflare bypasses can have a significant impact, as any adversary is now able to communicate with the origin server directly, enabling them to perform unfiltered attacks (such as denial-of-service), and data retrieval. * It could enable MITM attacks.