제출 #52579: Http Header Injection in [User Login History] wordpress plugin 정보

제목Http Header Injection in [User Login History] wordpress plugin
설명http header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install User Login History wordpress plugin https://wordpress.org/plugins/user-login-history/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1WNX8EM0XtwnIWcOZIQ_jDIMdldUyt5H8/view?usp=sharing https://drive.google.com/file/d/1z8G18Xbq31pTIOmirx03dujEvTfrdpHv/view?usp=sharing
사용자
 rezaduty (UID 10530)
제출2022. 11. 18. PM 07:24 (4 연령 ago)
모더레이션2022. 11. 20. PM 04:35 (2 days later)
상태수락
VulDB 항목214058 [WP-Polls Plugin 까지 2.75.x 켜짐 WordPress HTTP Header REMOTE_ADDR 권한 상승]
포인트들17

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!