Joovili 3.1.8 CRLF injection/HTTP response splitting Vulnerability

01 Nov 2010 | Reported by indoushka | Type: zdt | Source: 0day.today

Joovili 3.1.8 CRLF injection/HTTP response splitting vulnerability on multiple pages

Code
==================================================================
Joovili 3.1.8 CRLF injection/HTTP response splitting Vulnerability
==================================================================

I'm indoushka member from Inj3ct0r Team

######################################################################## 

# Vendor: http://www.joovili.com/

# Date: 2010-09-27 

# Author : indoushka 

# Thanks to : Dz-Ghost Team

# Contact : 00213771818860

# Tested on : windows SP2 Francais V.(Pnx2 2.0) 
######################################################################## 
                                                                                                                                                                                                
# Exploit By indoushka 
-------------

Vulnerability description:
--------------------------

This script is possibly vulnerable to CRLF injection attacks. 

HTTP headers have the structure "Key: Value", where each line is separated by the CRLF combination.
If user input is injected into the value section without properly escaping or removing CRLF characters,
it is possible to alter the structure of the HTTP headers.
HTTP Response Splitting is a new application attack technique which enables various new attacks such as
web cache poisoning, cross-user defacement, hijacking pages with sensitive user information
and cross-site scripting (XSS).
The attacker sends a single HTTP request that forces the web server to form an output stream, 
which is then interpreted by the target as two HTTP responses instead of one response. 

Affected items:
--------------

/public_www/browse.events.php 
/public_www/browse.groups.php 
/public_www/browse.music.php 
/public_www/browse.users.php 
/public_www/browse.videos.php 

The impact of this vulnerability:
--------------------------------
It is possible for a remote attacker to inject custom HTTP headers.
For example, an attacker can inject session cookies or HTML code.
This may lead to vulnerabilities like XSS (cross-site scripting) or session fixation.

How to fix this vulnerability:
-----------------------------

You need to restrict CR (ASCII 13, 0x0D) and LF (ASCII 10, 0x0A) in user input, or properly encode the output, in order to prevent the injection of custom HTTP headers.
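
An added example, not part of the original advisory or of Joovili's code: a Python sketch of the fix above, showing the unescaped header value next to a version that encodes the input and rejects CR/LF. The path `/browse.example`, the parameter name `sort` and the sample value are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import quote

CRLF = "\r\n"
# CR (0x0D), LF (0x0A) and NUL must never appear inside a header value.
FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_response_unsafe(sort):
    """Before: user input concatenated straight into a header value."""
    return ("HTTP/1.1 302 Found" + CRLF +
            "Location: /browse.example?sort=" + sort + CRLF +
            "Content-Length: 0" + CRLF + CRLF)


def header_value(value):
    """Restrict CR/LF: refuse any value that could end the header line."""
    if FORBIDDEN.search(value):
        raise ValueError("CR, LF or NUL is not allowed in a header value")
    return value


def build_response_safe(sort):
    """After: percent-encode for the URL context, then check the result."""
    location = "/browse.example?sort=" + quote(sort, safe="")
    return ("HTTP/1.1 302 Found" + CRLF +
            "Location: " + header_value(location) + CRLF +
            "Content-Length: 0" + CRLF + CRLF)


def header_names(raw):
    """Header names a client would read from the first response head."""
    head = raw.split(CRLF + CRLF, 1)[0]
    return [line.split(":", 1)[0] for line in head.split(CRLF)[1:]]


# Constructed input: a value carrying CRLF followed by an extra header line.
SAMPLE = "name\r\nSet-Cookie: sid=constructed"

if __name__ == "__main__":
    # Unsafe: the extra Set-Cookie line becomes a real header.
    print(header_names(build_response_unsafe(SAMPLE)))
    # Safe: CR/LF are sent as %0D%0A and stay inside the Location value.
    print(header_names(build_response_safe(SAMPLE)))
```

Encoding is applied for the context the value lands in (here a URL query string); the `header_value` check is the last line of defence for any header built from request data.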



#  0day.today [2018-01-01]  #
