Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 27 Jul 2006 16:32:12 -0400 (EDT)


--==CRLF injection==--

GET /mybloggie/ HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=op0-11{}};q, or something like that
Connection: Close


This demonstration code does not contain any carriage return / line
feed sequences.  What is the nature of the CRLF injection?  Or are you
talking about a different kind of vulnerability?  What source code
shows where the issue is?


Thanks,
Steve


  By Date           By Thread  

Current thread:
  • Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection Steven M. Christey (Jul 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]