Vulnerabilities > CVE-2006-5566 - Unspecified vulnerability in Webasyst LLC Shop-Script
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN webasyst-llc
exploit available
Summary
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Shop-Script Multiple HTTP Response Splitting Vulnerabilities. CVE-2006-5566. Webapps exploit for php platform |
| id | EDB-ID:28845 |
| last seen | 2016-02-03 |
| modified | 2006-10-23 |
| published | 2006-10-23 |
| reporter | Debasis Mohanty |
| source | https://www.exploit-db.com/download/28845/ |
| title | Shop-Script Multiple HTTP Response Splitting Vulnerabilities |
References
- http://secunia.com/advisories/22541
- http://secunia.com/advisories/22541
- http://securityreason.com/securityalert/1791
- http://securityreason.com/securityalert/1791
- http://www.securityfocus.com/archive/1/449499/100/0/threaded
- http://www.securityfocus.com/archive/1/449499/100/0/threaded
- http://www.securityfocus.com/bid/20685
- http://www.securityfocus.com/bid/20685
- http://www.vupen.com/english/advisories/2006/4219
- http://www.vupen.com/english/advisories/2006/4219