Javascript Snippet #04

This challenge covers the review of a snippet of code written in JavaScript

Tier: PRO | Difficulty: Medium | Time: < 1 Hr. | 1013

In this Code Review Snippet challenge, you're presented with a piece of JavaScript code utilizing the Express framework. The primary focus is on identifying a security issue within the given code. Initially, you are encouraged to find the vulnerability without help. If you struggle, a detailed video explanation is available.

The provided code initializes an Express application and sets up a route named '/dangerous'. When the route is accessed, the application logs the requester's IP address using `req.ip`. The video explains that the vulnerability lies in the fact that `req.ip` only reports the address of the peer that connected directly to the application, i.e. the last hop, which is misleading when one or more proxies sit in front of it: the logged address is then the proxy's rather than the end user's. It suggests configuring Express's `trust proxy` setting and using `req.ips` to obtain the full chain of addresses carried in the X-Forwarded-For header.
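To make the `trust proxy` / `req.ips` behaviour concrete, here is an added example (not the challenge's own code) that re-implements in plain JavaScript, with no Express dependency, the hop-counting logic Express borrows from proxy-addr to derive `req.ip` and `req.ips`; the addresses and header value are constructed for illustration.

```javascript
// Added example, not part of the PentesterLab challenge. Mirrors how Express
// computes req.ip / req.ips from the socket peer and X-Forwarded-For when
// `app.set('trust proxy', <hop count>)` is configured. All addresses are
// constructed sample values.

// Build the address chain the way proxy-addr does: the socket peer first,
// then the X-Forwarded-For entries from the nearest proxy back to the origin.
function addressChain(remoteAddr, xffHeader) {
  const forwarded = (xffHeader || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean);
  return [remoteAddr, ...forwarded.reverse()];
}

// trustedHops: 0 behaves like Express's default (trust nobody), n like
// `app.set('trust proxy', n)`, Infinity like `trust proxy = true`.
function resolveClient(remoteAddr, xffHeader, trustedHops) {
  const addrs = addressChain(remoteAddr, xffHeader);
  // Walk outward from the socket and stop at the first hop we do not trust.
  for (let i = 0; i < addrs.length - 1; i++) {
    if (i < trustedHops) continue;
    addrs.length = i + 1;
  }
  return {
    ip: addrs[addrs.length - 1],   // what req.ip reports
    ips: addrs.slice(1).reverse(), // what req.ips reports
  };
}

// Scenario: one reverse proxy (10.0.0.2) sits in front of the app. The client
// at 198.51.100.7 already sent an X-Forwarded-For of its own (203.0.113.9),
// and the proxy appended the real peer before forwarding the request.
const REMOTE = '10.0.0.2';
const XFF = '203.0.113.9, 198.51.100.7';

function demo() {
  return {
    none: resolveClient(REMOTE, XFF, 0).ip,       // '10.0.0.2': only the proxy is seen
    oneHop: resolveClient(REMOTE, XFF, 1).ip,     // '198.51.100.7': the real client
    all: resolveClient(REMOTE, XFF, Infinity).ip, // '203.0.113.9': client-supplied value accepted
    chain: resolveClient(REMOTE, XFF, 1).ips,     // ['198.51.100.7']
  };
}

console.log(demo());
```

The hop count should match the number of proxies you actually operate: trusting every hop (`true`) lets whatever a client puts in X-Forwarded-For become the logged address, which is the same logging problem in a different form.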
