Enviar #52581: Http Header Injection in [Login IP & Country Restriction] wordpress plugin información

TítuloHttp Header Injection in [Login IP & Country Restriction] wordpress plugin
Descripciónhttp header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install Login IP & Country Restriction wordpress plugin https://wordpress.org/plugins/login-ip-country-restriction/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1o2Q0q9wPhPNSJYTqD_Sl19CSKNwwy7zt/view?usp=sharing https://drive.google.com/file/d/11xoyCZ-Xwfb7WGy4xGoF6wtkQjsxatFW/view?usp=sharing
Usuario
 rezaduty (UID 10530)
Sumisión2022-11-18 19:28 (hace 4 años)
Moderación2022-11-20 16:27 (2 days later)
EstadoAceptado
Entrada de VulDB214054 [iPXE TLS src/net/tls.c tls_new_ciphertext pad_len divulgación de información]
Puntos17

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!