Enviar #52582: Http Header Injection in [iThemes Security] wordpress plugin información

TítuloHttp Header Injection in [iThemes Security] wordpress plugin
Descripciónhttp header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install iThemes Security wordpress plugin https://wordpress.org/plugins/better-wp-security/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1dQ77sFEicrf91SZUG9DipXPS2fNvyzqs/view?usp=sharing https://drive.google.com/file/d/17rVOZMMQqLZX_Qk2EF-Ro_H7oGW7FY4R/view?usp=sharing
Usuario
 rezaduty (UID 10530)
Sumisión2022-11-18 19:30 (hace 4 años)
Moderación2022-11-20 16:34 (2 days later)
EstadoAceptado
Entrada de VulDB214057 [Bouncy Castle BC-FJA antes 1.0.2.4 FIPS Java API denegación de servicio]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!