#############################
Exploit Title : Kleeja Upload Center Script CRLF injection
Author: Ashiyane Digital Security Team
Home: http://ashiyane.org/forums
Version: 1.0.1
Software link: www.Kleeja.com
Date: Sunday - 2012 25 November
Google Dork: intext:Kleeja © 2007-2012. All rights reserved
Type: CRLF injection
Tested on: Windows7
##########################

This script is possibly vulnerable to CRLF injection attacks.

The problem is located in the file: /install/index.php

Suppose you run a vulnerable website that has a member section. An attacker will send an email to one of your members containing a CRLF-crafted link. This link appears to be legitimate; after all it points to your own website. The link might look something like the one below:

http://www.yoursite.com/somepage.php?page=%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aContent-Type: text/html%0d%0a%0d%0a%3Chtml%3EHacker Content%3C/html%3E

##########################
* Sp Tnx To: Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,0x21HATE,A.S.P.I.R.I.N,am118,Angel--D3m0n,angola,AR455,Azad™,Black-Hole,Classic,Encoder,ERroR,Hashor
* HASSAN20,HidDeEn,hossein19123,jooooondost,Kaz3m,ll_Invisible_ll,majidflash,megacpu,MehrdadLinux,Milad-Bushehr,MostafaBestMan,MR.SAMAN,Mute,N4H,Pr0grammer,PrinceofHacking
* Rizux,Rz04,S!YOU.T4r.6T,Sil3nt Di3,The Smith,unique2world,Unline,V!T0N,X-HIDDEN-X
* Crypt0,khatarnak,Milad22,MR.Vinci,Pirjo,V1R4N64R
* And All Of My Friends
* The Last One : My Self, Cyb3r_Inj3ct0r
##########################
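
Added example (not part of the original advisory and not Kleeja code): a log check that flags request targets carrying CR/LF sequences like the link shown above, including double-encoded forms. The log lines, addresses and the function names are constructed for illustration, and an Apache-style combined log format is assumed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Nov/2012:10:00:01 +0000] "GET /somepage.php?page=home HTTP/1.1" 200 512',
    '198.51.100.9 - - [25/Nov/2012:10:00:05 +0000] "GET /somepage.php?page=%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E HTTP/1.1" 200 87',
    '198.51.100.9 - - [25/Nov/2012:10:00:09 +0000] "GET /somepage.php?page=%250d%250aSet-Cookie:%20a=b HTTP/1.1" 302 0',
    '203.0.113.4 - - [25/Nov/2012:10:00:12 +0000] "GET /index.php?q=100%25%20free HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
# A header-looking token right after a line break suggests response splitting.
INJECTED_HEADER_RE = re.compile(r'[\r\n]+\s*([A-Za-z][A-Za-z0-9-]*):')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %250d%250a is also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_target(target):
    """Return (has_crlf, injected_header_names) for one request target."""
    decoded = fully_decode(target)
    has_crlf = '\r' in decoded or '\n' in decoded
    headers = [h.lower() for h in INJECTED_HEADER_RE.findall(decoded)]
    return has_crlf, headers

def scan(lines):
    """Return a list of (line_number, injected_header_names) for suspicious lines."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        has_crlf, headers = inspect_target(match.group(1))
        if has_crlf:
            findings.append((number, headers))
    return findings

if __name__ == "__main__":
    for number, headers in scan(SAMPLE_LOG):
        print(f"line {number}: CR/LF in request target, header-like tokens: {headers}")
```

The same decode-then-check step applies on the server side: any request value that is copied into a response header should be rejected if it contains CR or LF after decoding.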