Description: The plugin retrieved the IP address of requests from headers such as X-FORWARDED in order to log them, allowing users to spoof the logged address by providing an arbitrary value.
As an unauthenticated user: `curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1'`. Then view the logs and note that the plugin displays the IP of the request as 127.0.0.1.
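
The contrast between the described behaviour and a hardened lookup, as an added example that is not the plugin's code: the forwarding header is honoured only when the direct peer is a known reverse proxy. The function names, the `TRUSTED_PROXIES` range and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: the site's own reverse proxies live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
FORWARD_HEADER = "X-FORWARDED"  # header named in the advisory; lookup is exact-case here


def naive_client_ip(remote_addr, headers):
    """Behaviour described in the advisory: the header wins unconditionally."""
    return headers.get(FORWARD_HEADER, remote_addr)


def _is_trusted(addr):
    # A v4/v6 mismatch between address and network simply evaluates to False.
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, headers):
    """Return the address to log, honouring the header only from trusted proxies."""
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer):
        # Direct connection: anything in the header is client-controlled.
        return str(peer)
    # Walk the comma-separated chain right to left: the rightmost entries were
    # appended by our own proxies, the first untrusted one is the real client.
    raw = headers.get(FORWARD_HEADER, "")
    chain = [part.strip() for part in raw.split(",") if part.strip()]
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the chain, never log raw text
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    spoofed = {FORWARD_HEADER: "127.0.0.1"}           # constructed sample request
    print(naive_client_ip("203.0.113.7", spoofed))    # header value is logged
    print(client_ip("203.0.113.7", spoofed))          # socket peer is logged
```
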
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.1 |