What happens if I send an HTTPS request to a remote server, but I modify the source address to 127.0.0.1 to make it execute stuff on itself because it might think it's from localhost and therefore grant admin access? Does this work? Is it a rare vulnerability?

Let's say I send an HTTPS request to a remote server. But before I send it, I modify the source address of the request to 127.0.0.1. Then when the server reads it, will it think "Oh, this is from localhost, of course I'm gonna create this new admin user in the database because I trust requests from localhost."

I'm new to pen testing. But iirc, this does work sometimes, right? Or is this a 100% outdated waste of time on servers that are not ancient?

Thank you!

submitted by /u/ChonkyKitty0

from hacking: security in practice https://ift.tt/yzG2pMh
