Submeter #52576: Http Header Injection in [user-activity-log] wordpress plugininformação

TítuloHttp Header Injection in [user-activity-log] wordpress plugin
Descriçãohttp header injection vulnerability that could be manipulated http real ip with x-forwarded-for header 1. install user-activity wordpress plugin https://wordpress.org/plugins/user-activity-log/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3.in simple-history settings Enable ip address for log POC: https://drive.google.com/file/d/1H5bsgKU3k3l_s21KoF-t3qGa-7lTwWRo/view?usp=sharing https://drive.google.com/file/d/1jkcE2F41MAMM8rqDThYCKqHwFVKJueog/view?usp=sharing https://drive.google.com/file/d/1I5cKU-aNZa-1o_oqm8X5AXHsQSoKLsuU/view?usp=sharing
Utilizador
 rezaduty (UID 10530)
Submissão18/11/2022 19h10 (há 4 anos)
Moderação20/11/2022 14h19 (2 days later)
EstadoAceite
Entrada VulDB214049 [Solwin Infotech User Activity Log Plugin em WordPress HTTP Header X-Forwarded-For Elevação de Privilégios]
Pontos17

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!