Topic: Possible IP Spoofing 'feature'
It is possible that PunBB i exposed to the same exploit as phpbb was discovered to have. The problem lies in phpbb and punbb(?) blindly thrust in X-Forwarded-For only to be set when being proxied. If this value is set the forum will use this ip as user ip:
For instance if adding the following when making a post
Would make you a 'leet' person
I haven't tested if punbb is exposed to this.. but it's worth looking in to.
More info at: http://www.packetstormsecurity.org/0404 … BB208a.txt