제출 #52601: Http Header Injection in [Visitor Details] wordpress plugin 정보

제목Http Header Injection in [Visitor Details] wordpress plugin
설명http header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install Visitor Details wordpress plugin https://wordpress.org/plugins/visitors-details/ 2. send request for visit page with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in response POC: https://drive.google.com/file/d/1UygbWV9YFuIalwr1CgK1oBp3pIdFc1br/view?usp=sharing https://drive.google.com/file/d/1RjLsviH1XtOaibSJW5vvkcPkWNZQKwJD/view?usp=sharing
사용자
 rezaduty (UID 10530)
제출2022. 11. 18. PM 08:46 (4 연령 ago)
모더레이션2022. 11. 20. PM 02:45 (2 days later)
상태수락
VulDB 항목214052 [Top Infosoft Visitor Details Plugin 켜짐 WordPress HTTP Header X-Forwarded-For 권한 상승]
포인트들17

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!