>--==CRLF injection==--
>
>GET /mybloggie/ HTTP/1.0
>Accept: */*
>User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
>Host: 127.0.0.1:80
>Cookie: PHPSESSID=op0-11{}};q, or something like that
>Connection: Close

This demonstration code does not contain any carriage return / line feed sequences. What is the nature of the CRLF injection? Or are you talking about a different kind of vulnerability? What source code shows where the issue is?

Thanks,
Steve
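
Added example, not part of the message above or of the advisory it quotes: a check of the kind the reply implies, scanning a request for carriage return or line feed bytes (raw or percent-encoded) carried inside a line. The name `find_crlf` and the second sample request are constructed for illustration; the first request is the quoted one, rebuilt with standard CRLF line endings.

```python
import re

# Percent-encoded CR/LF, including double encoding such as %250d.
ENCODED_CRLF = re.compile(r"%(?:25)*0[da]", re.IGNORECASE)

# The request quoted in the message, copied as posted.
QUOTED_REQUEST = (
    "GET /mybloggie/ HTTP/1.0\r\n"
    "Accept: */*\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
    "Host: 127.0.0.1:80\r\n"
    "Cookie: PHPSESSID=op0-11{}};q, or something like that\r\n"
    "Connection: Close\r\n"
    "\r\n"
)

# Constructed sample (not from the page): one encoded CRLF, one bare LF.
CONSTRUCTED_SAMPLE = (
    "GET /mybloggie/ HTTP/1.0\r\n"
    "Cookie: PHPSESSID=abc%0D%0AX-Constructed: 1\r\n"
    "X-Note: bare\nlinefeed\r\n"
    "\r\n"
)


def find_crlf(raw_request):
    """Return (line_no, kind, line) for each CR/LF carried inside a line.

    Lines are split on the CRLF that frames the request, so a "raw" hit is
    a bare CR or bare LF left inside a line. A complete raw CRLF pair in a
    value cannot be told apart from a real header boundary at this layer.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    findings = []
    for no, line in enumerate(head.split("\r\n"), start=1):
        if "\r" in line or "\n" in line:
            findings.append((no, "raw", line))
        if ENCODED_CRLF.search(line):
            findings.append((no, "encoded", line))
    return findings


if __name__ == "__main__":
    print("quoted request:", find_crlf(QUOTED_REQUEST))
    for no, kind, line in find_crlf(CONSTRUCTED_SAMPLE):
        print(f"constructed sample, line {no}: {kind} CR/LF in {line!r}")
```
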