PHP 'header()' HTTP Header Injection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following vulnerable code and example URI are available:

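<?php
// Vulnerable: the user-supplied 'url' parameter goes into the Location header unvalidated.
header('Location: '.$_GET['url']);
// Print the cookies the browser sent with this request.
print_r($_COOKIE);
?>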

http://www.example.com/head1.php?url=http://example.com/head1.php%0DSet-Cookie:+NAME=foo
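
An added example, not part of the original advisory: one way to validate the redirect target before it reaches header(). The function name safe_redirect_target, the ALLOWED_HOSTS allowlist and the fallback path are assumptions chosen for illustration.

```php
<?php
// Added example: validate a redirect target before it reaches header().
// ALLOWED_HOSTS and the "/" fallback are assumptions for illustration.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

function safe_redirect_target(string $url, string $fallback = '/'): string
{
    // Reject any control character (CR, LF, NUL, ...) outright instead of
    // stripping it: %0D decodes to a bare "\r", which some clients treat
    // as the end of a header line.
    if ($url === '' || preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return $fallback;
    }

    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }

    // Relative path on this site: must start with a single "/" ("//host"
    // is a scheme-relative URL and would leave the site).
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return preg_match('#^/(?![/\\\\])#', $url) ? $url : $fallback;
    }

    // Absolute URL: http(s) only, and only to hosts on the allowlist.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)
        || !in_array($host, ALLOWED_HOSTS, true)) {
        return $fallback;
    }
    return $url;
}

// Constructed inputs: the first mirrors the example URI after PHP has
// URL-decoded $_GET['url'] (%0D -> "\r", "+" -> " ").
$samples = [
    "http://example.com/head1.php\rSet-Cookie: NAME=foo",
    "http://www.example.com/account",
    "//attacker.invalid/",
    "/head1.php",
];
foreach ($samples as $s) {
    printf("%-55s => %s\n", json_encode($s), safe_redirect_target($s));
}
// In the page itself the call would be:
// header('Location: ' . safe_redirect_target($_GET['url'] ?? ''));
```

The first and third samples fall back to "/", while the allowlisted absolute URL and the local path are returned unchanged.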


 

Copyright 2010, SecurityFocus