Prestashop HTTP Response Splitting Vulnerability

vendor:

Prestashop

by:

5.5

CVSS

MEDIUM

HTTP Response Splitting

113

CWE

Product Name: Prestashop

Affected Version From: 1.4.4.1

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: a:prestashop:prestashop:1.4.4.1

Metasploit:

Other Scripts:

Platforms Tested:

Prestashop HTTP Response Splitting Vulnerability

Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid various attacks that try to entice client users into a false sense of trust.

Mitigation:

It is recommended to sanitize user-supplied data to prevent HTTP response splitting attacks. The vendor may also release a patch or update to address this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50785/info

Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid various attacks that try to entice client users into a false sense of trust.

Prestashop 1 4.4.1 is vulnerable; other versions may also be affected. 

GET: http://www.example.com/admin/displayImage.php?img=<name_of_existing_file_in_md5_format>&name=asa.cmd"%0d%0a%0d%0a@echo off%0d%0aecho running batch file%0d%0apause%0d%0aexit
Note: The <name_of_existing_file_in_md5_format> is the name of one file existing on the "upload/" folder. It&#039;s name must be a MD5 hash, without any extension. ex: "435ed7e9f07f740abf511a62c00eef6e"