Origin Spoof Access Restriction Bypass

By
Manieendar Mohan
Published on
29 Jun 2018
1 min read
Vulnerability

The Origin request header shows from where the fetch originates from. That is, the origin headers are used by load balancers or proxies to identify the source IP of the user. The header includes the server name only. The header is sent with Cross-Origin Resource Sharing requests along with POST requests. An origin header doesn’t disclose the whole path. A server is considered to be vulnerable to Access Restriction Bypass using origin spoof attack because of its poorly implemented access restrictions based on the originating IP address alone. Origin headers of the web application contain the public IP address of the client and as a result, the attackers can spoof the IP address and can gain access to restricted pages.

Example

The below code is an example of Origin Spoof Access:-

        Origin: ""
        Origin: <scheme> "://" <hostname> [ ":" <port> ]

    

Impact

The impact include:-

  • Denial of access attacks.
  • Complete host takeover.
  • Loss of sensitive data.

Mitigation / Precaution

  • Beagle recommends the following fixes-
  • Try not to use the origin header to validate the client’s access.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Manieendar Mohan
Manieendar Mohan
Cyber Security Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.