ecshop the latest storm path oday-vulnerability warning-the black bar safety net

ID MYHACK58:62201027860
Type myhack58
Reporter 佚名
Modified 2010-09-14T00:00:00


Brief description: /affiche.php,php5 environmental error exposure program path, php4 environment to display the written information

Detailed description: the charset parameter is not to do rigorous filtration result in an http message header truncated written

Vulnerability to prove: 0 2 0 0%20OK%0D%0A%0D%0AContent-Type:%20text/html%0D%0A%0D%0AContent-Length:%2 0 3 5%0D%0A%0D%0A%3Chtml%3Exxx%3C/html%3E%0D%0A%0D%0A