- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 32303
- Проверка EDB
-
- Пройдено
- Автор
- JURAJ SKRIPSKY
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2008-3906
- Дата публикации
- 2008-08-20
Код:
source: https://www.securityfocus.com/bid/30867/info
Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input.
By inserting arbitrary headers into an HTTP response, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTTP-request-smuggling, and other attacks.
This issue affects Mono 2.0 and earlier.
<script runat="server"> void Page_Load(object o, EventArgs e) { // Query parameter text is not checked before saving in user cookie NameValueCollection request = Request.QueryString; // Adding cookies to the response Response.Cookies["userName"].Value = request["text"]; } </script>- Источник
- www.exploit-db.com
