Enviar #52580: Http Header Injection in [Login History] wordpress plugin información

TítuloHttp Header Injection in [Login History] wordpress plugin
Descripciónhttp header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install Login History wordpress plugin https://wordpress.org/plugins/login-history/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1DWskeXDQmNmlhKUSs5DP53FcpU4It3OR/view?usp=sharing https://drive.google.com/file/d/1vzQO3JDV6JMGWOnvXtoWrkhd25IhRXen/view?usp=sharing
Usuario
 rezaduty (UID 10530)
Sumisión2022-11-18 19:26 (hace 4 años)
Moderación2022-11-20 14:13 (2 days later)
EstadoAceptado
Entrada de VulDB214047 [Opal Login History Plugin en WordPress HTTP Header X-Forwarded-For escalada de privilegios]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!