Submeter #52579: Http Header Injection in [User Login History] wordpress plugin informação

TítuloHttp Header Injection in [User Login History] wordpress plugin
Descriçãohttp header injection vulnerability that could be manipulated HTTP real IP with x-forwarded-for header 1. install User Login History wordpress plugin https://wordpress.org/plugins/user-login-history/ 2. send login request with x-forwarded-for: [REDACTED_IP] 3. show spoofed IP address in dashboard POC: https://drive.google.com/file/d/1WNX8EM0XtwnIWcOZIQ_jDIMdldUyt5H8/view?usp=sharing https://drive.google.com/file/d/1z8G18Xbq31pTIOmirx03dujEvTfrdpHv/view?usp=sharing
Utilizador
 rezaduty (UID 10530)
Submissão18/11/2022 19h24 (há 4 anos)
Moderação20/11/2022 16h35 (2 days later)
EstadoAceite
Entrada VulDB214058 [WP-Polls Plugin até 2.75.x em WordPress HTTP Header REMOTE_ADDR Elevação de Privilégios]
Pontos17

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!