发布时间 :2004-12-31 00:00:00
修订时间 :2017-07-10 21:31:08

[原文]CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.


        w-Agora 4.1.6a版本中的subscribe_thread.php存在CRLF注入漏洞。远程攻击者可以借助thread参数完成HTTP Response Splitting攻击以修改来自服务器的预期HTML内容。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  FULLDISC  20040930 Multiple vulnerabilities in w-agora forum
(UNKNOWN)  BUGTRAQ  20040930 Multiple vulnerabilities in w-agora forum
(UNKNOWN)  BID  11283
(UNKNOWN)  XF  wagora-response-splitting(17558)

- 漏洞信息

中危 输入验证
2004-12-31 00:00:00 2005-10-20 00:00:00
        w-Agora 4.1.6a版本中的subscribe_thread.php存在CRLF注入漏洞。远程攻击者可以借助thread参数完成HTTP Response Splitting攻击以修改来自服务器的预期HTML内容。

- 公告与补丁

        It is reported that CVS patches are available to address these issues. Please contact the vendor for more information. A link to the W-Agora CVS repository is available in Web references.

- 漏洞信息 (24651)

W-Agora 4.1.6 a subscribe_thread.php HTTP Response Splitting (EDBID:24651)
php webapps
2004-09-30 Verified
0 Alexander Antipov
N/A [点击下载]
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks.
These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.


- 漏洞信息

w-Agora subscribe_thread.php HTTP Response Splitting
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

w-Agora contains a flaw that may allow a malicious user to compromise user sessions. The issue due to the "thread" parameter of "subscribe_thread" script insufficently sanitizing user supplied input. By inserting specially crafted HTML/script code, a remote attacker may be able to split the HTTP response, resulting in a loss of integrity.

- 时间线

2004-09-29 Unknow
2004-09-29 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者