header-logo
Suggest Exploit
vendor:
osCommerce
by:
SecurityFocus
7.5
CVSS
HIGH
HTTP Response Splitting
20
CWE
Product Name: osCommerce
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

osCommerce Multiple HTTP Response Splitting Vulnerabilities

osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit any of these vulnerabilities to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13979/info

osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit any of these vulnerabilities to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. 

http://www.example.com/index.php?action=buy_now&products_id=22%0d%0atest:%20poison%20headers!
http://www.example.com/index.php?action=cust_order&pid=2%0d%0atest:%20poison%20headers!

Navigation

Suggest Exploit

Services By CQR