제출 #52577: Http Header Injection in [Activity Log] wordpress plugin 정보

제목Http Header Injection in [Activity Log] wordpress plugin
설명http header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install Activity Log wordpress plugin https://wordpress.org/plugins/aryo-activity-log/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3.show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1XZ_Md7dRinUV2tNQzrK5YL-8hhlgYyuS/view?usp=sharing https://drive.google.com/file/d/1sKLa5XFlrJHb0AWU12KWjkNkoW-jYvT1/view?usp=sharing
사용자
 rezaduty (UID 10530)
제출2022. 11. 18. PM 07:16 (4 연령 ago)
모더레이션2022. 11. 20. PM 02:42 (2 days later)
상태수락
VulDB 항목214051 [Activity Log Plugin 켜짐 WordPress HTTP Header X-Forwarded-For 권한 상승]
포인트들17

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!