Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

McAfee Secure and HTTP Response Splitting


bjhampe

Recommended Posts

I have tried a few things to resolve the McAfee Secure alert for the HTTP Response Splitting vulnurability that keeps popping up. The solution that seems to be floating around is to add in the following code:

 

	// FIX for HTTP splitting vuln 
	// See http://www.gulftech.org/?node=research&article_id=00080-06102005 

	$url = eregi_replace("[\r\n]+(.*)$", "", $url); 

	// END fix

 

McAfee wants to filter all of these:

 

%0D
%0A
%0D%0A
\r
\n
\r\n

 

Can anyone help with the code modification for that?

 

Thank you.

Link to comment
Share on other sites

Well apparently, I am going to have to start looking for a new shopping cart software as the last few topics that I have posted don't seem to be getting anywhere. I understand that it is free software but the support used to be pretty good.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...