Full Disclosure mailing list archives
Re: Data Manipulation with X-Forwarded-For header at WordPress
From: jvoisin <julien.voisin () dustri org>
Date: Fri, 12 Mar 2021 14:16:05 +0100
I'm not sure I understand what's going on here: The "vulnerability" is that "X-Forwarded-For" can be manipulated by the client?VI. DESCRIPTION ------------------------- "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.
VII. PROOF OF CONCEPT ------------------------- Affected Component: Wordpress core Affected version Wordpress 5.1 -Add X-Forwarded-For header to the /wp-admin -You will get an error about your IP -Next go /wp-admin/admin-ajax.php and add X-Forwarded-For header again
This doesn't make any sense.There is nothing on Wordpress' website ( https://wordpress.org/news/category/security/ ) about an issue like this one, nor on the mitre's website ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35539 ).
Can you please elaborate on this issue? _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Data Manipulation with X-Forwarded-For header at WordPress Alphan YAVAS (Mar 11)
- Re: Data Manipulation with X-Forwarded-For header at WordPress jvoisin (Mar 16)