إرسال #52577: Http Header Injection in [Activity Log] wordpress plugin المعلومات

عنوان	Http Header Injection in [Activity Log] wordpress plugin
الوصف	http header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install Activity Log wordpress plugin https://wordpress.org/plugins/aryo-activity-log/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3.show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1XZ_Md7dRinUV2tNQzrK5YL-8hhlgYyuS/view?usp=sharing https://drive.google.com/file/d/1sKLa5XFlrJHb0AWU12KWjkNkoW-jYvT1/view?usp=sharing
المستخدم	rezaduty (UID 10530)
ارسال	18/11/2022 07:16 PM (4 سنوات منذ)
الاعتدال	20/11/2022 02:42 PM (2 days later)
الحالة	تمت الموافقة
إدخال VulDB	214051 [Activity Log Plugin على WordPress HTTP Header X-Forwarded-For تجاوز الصلاحيات]
النقاط	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!