Anchor CMS 0.9.2 Header Injection

2014.11.11
Credit: Paulos Yibelo
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Anchor CMS <= 0.9.2 (Current Version) header injection in anchor/models/comment.php $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From: notifications@' . $_SERVER['HTTP_HOST'] . "\r\n"; 49: mail($to, __('comments.notify_subject'), $message, $headers); so it is possible to inject arbitary "From" headers or any header using CRLF. simply by tampering and changing the host to bad.com or bad.com\r\nNew-Header:Hacked!


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top