Submeter #52578: Http Header Injection in [WP Activity Log] wordpress plugin informação

TítuloHttp Header Injection in [WP Activity Log] wordpress plugin
Descriçãohttp header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install WP Activity Log wordpress plugin https://wordpress.org/plugins/wp-security-audit-log/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in the dashboard POC: https://drive.google.com/file/d/1TJFquD27pHQ44YR20sKgd8WhyKwpEv92/view?usp=sharing https://drive.google.com/file/d/1F1u3Cozv6XVaw4AY61H1C_Xr5EpwX7p-/view?usp=sharing
Utilizador
 rezaduty (UID 10530)
Submissão18/11/2022 19h21 (há 4 anos)
Moderação20/11/2022 14h52 (2 days later)
EstadoAceite
Entrada VulDB214053 [WP White Security WP Activity Log Plugin em WordPress HTTP Header X-Forwarded-For Elevação de Privilégios]
Pontos17

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!