Bugtraq mailing list archives
Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 27 Jul 2006 16:32:12 -0400 (EDT)
--==CRLF injection==--
GET /mybloggie/ HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=op0-11{}};q, or something like that
Connection: Close

This demonstration code does not contain any carriage return / line feed sequences. What is the nature of the CRLF injection? Or are you talking about a different kind of vulnerability? What source code shows where the issue is?

Thanks,
Steve