Client IP Spoofing using "X-Forwarded-For: 127.0.0.1" on "studio-app.snapchat.com" exposing bucket details
High
Snapchat
Team Summary
Official summary from Snapchat
Researcher's summary is accurate. An attacker could view a variety of non-sensitive service config information by setting the `X-Forwarded-For: 127.0.0.1` header on a specific service path.
Reported by
damian89
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Submitted
Weakness
Improper Access Control - Generic