Take a look at this blog post: http://blog.ircmaxell.com/2012/11/anatomy-of-attack-how-i-hacked.html
Quoting the author (near the end):

"Check out Symfony2's Request class (https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/Request.php#L589). On the surface it looks great. Until you notice that it uses a static variable to determine if it should use the proxy information. That means that if ANY part of your application wants proxy information (such as a logging class), all of your application after that will get the proxied information. So to see if you're vulnerable to this style attack, grep your code for $request->trustProxy(). Also note that there's no in-built mechanism to untrust the proxy. Once it switches to true, it will stay true. Sounds like a major design flaw to me..."

Anyone want to take a look?

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com
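To make the quoted design flaw concrete, here is a small model (added for this thread; it is not Symfony's code and the class and method names are made up) of two ways a request object can decide whether to honour X-Forwarded-For. StaticTrustRequest mirrors the pattern the blog describes: a class-level flag that any component can switch on and nothing can switch off, so every later request in the process, proxied or not, reports the header value. ScopedTrustRequest shows the shape a reviewer would ask for instead: trust is an explicit, per-request set of proxy addresses, and the header is only consulted when the TCP peer is one of them. The addresses and headers in demo() are constructed sample data.

```python
"""Model of the "static proxy trust" design flaw discussed in the thread.

Illustration only; neither class is Symfony's Request.
"""
from typing import Dict, Iterable


class StaticTrustRequest:
    """Request whose proxy trust is a process-wide (class-level) switch."""

    _trust_proxy = False  # shared by every instance in the process

    def __init__(self, remote_addr: str, headers: Dict[str, str]) -> None:
        self.remote_addr = remote_addr  # address of the TCP peer
        self.headers = {k.lower(): v for k, v in headers.items()}

    @classmethod
    def trust_proxy(cls) -> None:
        # There is no "untrust": once set, the flag stays True for the
        # lifetime of the process, for every request object.
        cls._trust_proxy = True

    def get_client_ip(self) -> str:
        xff = self.headers.get("x-forwarded-for")
        if self._trust_proxy and xff:
            # Blindly takes the left-most entry, which the client controls.
            return xff.split(",")[0].strip()
        return self.remote_addr


class ScopedTrustRequest:
    """Request that trusts only an explicit list of proxy addresses."""

    def __init__(self, remote_addr: str, headers: Dict[str, str],
                 trusted_proxies: Iterable[str] = ()) -> None:
        self.remote_addr = remote_addr
        self.headers = {k.lower(): v for k, v in headers.items()}
        self.trusted_proxies = frozenset(trusted_proxies)  # immutable

    def get_client_ip(self) -> str:
        xff = self.headers.get("x-forwarded-for")
        if self.remote_addr not in self.trusted_proxies or not xff:
            # Not behind one of our proxies: the header is untrusted input.
            return self.remote_addr
        # Walk the chain right to left; each trusted proxy appended the
        # address of the hop before it, so the first untrusted address
        # is the client as seen by our outermost proxy. Anything the
        # client prepended itself is never reached.
        for hop in reversed([h.strip() for h in xff.split(",")]):
            if hop not in self.trusted_proxies:
                return hop
        return self.remote_addr


def demo() -> tuple:
    """Constructed scenario; returns the four client IPs each design yields."""
    # A direct connection from 203.0.113.9 carrying a forged header.
    forged = {"X-Forwarded-For": "127.0.0.1"}

    before = StaticTrustRequest("203.0.113.9", forged).get_client_ip()
    # Some unrelated component (the post's example is a logging class)
    # flips the static switch...
    StaticTrustRequest.trust_proxy()
    # ...and every later request, even one not arriving via a proxy,
    # now reports the address the client chose.
    after = StaticTrustRequest("203.0.113.9", forged).get_client_ip()

    trusted = {"10.0.0.1", "10.0.0.2"}
    # Same forged header, direct connection: header ignored.
    direct = ScopedTrustRequest("203.0.113.9", forged, trusted).get_client_ip()
    # Real client 198.51.100.7 through both proxies, still trying to
    # inject 127.0.0.1 at the front of the chain.
    chained = {"X-Forwarded-For": "127.0.0.1, 198.51.100.7, 10.0.0.1"}
    via_proxy = ScopedTrustRequest("10.0.0.2", chained, trusted).get_client_ip()
    return before, after, direct, via_proxy


if __name__ == "__main__":
    print(demo())
```

The grep the author suggests finds where the static switch is flipped; the point of the second class is that there should be nothing to grep for, because trust is data passed to each request rather than global mutable state.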