제출 #52589: Http Header Injection in [CBX User Online & Last Login] wordpress plugin 정보

제목Http Header Injection in [CBX User Online & Last Login] wordpress plugin
설명http header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install CBX User Online & Last Login wordpress plugin https://wordpress.org/plugins/cbxuseronline/ 2. send request for login with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1Ah8TiV0Aoy-XHbWdFoIrYM-HbKTDl3iK/view?usp=sharing https://drive.google.com/file/d/1Wj_AM204M-Uee3Z5-kIgg7j90dodWC-F/view?usp=sharing
사용자
 rezaduty (UID 10530)
제출2022. 11. 18. PM 08:11 (4 연령 ago)
모더레이션2022. 11. 20. PM 01:53 (2 days later)
상태수락
VulDB 항목214043 [codeboxr CBX User Online & Last Login Plugin 켜짐 WordPress HTTP Header X-Forwarded-For 권한 상승]
포인트들17

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!