Submit #52581: Http Header Injection in [Login IP & Country Restriction] wordpress plugin info

TitelHttp Header Injection in [Login IP & Country Restriction] wordpress plugin
Beschreibunghttp header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install Login IP & Country Restriction wordpress plugin https://wordpress.org/plugins/login-ip-country-restriction/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1o2Q0q9wPhPNSJYTqD_Sl19CSKNwwy7zt/view?usp=sharing https://drive.google.com/file/d/11xoyCZ-Xwfb7WGy4xGoF6wtkQjsxatFW/view?usp=sharing
Benutzer
 rezaduty (UID 10530)
Einreichung18.11.2022 19:28 (vor 4 Jahren)
Moderieren20.11.2022 16:27 (2 days later)
StatusAkzeptiert
VulDB Eintrag214054 [iPXE TLS src/net/tls.c tls_new_ciphertext pad_len Information Disclosure]
Punkte17

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!