I wrote the following code in a controller:
$this->redirect('https://example.com' . $this->here);
Does it have a header injection?
ex) http://example.com/%0dSet-Cookie:XXXX=YYYYY
Please tell me how to fix.
Asked
Active
Viewed 275 times
1
Ry-
- 218,210
- 55
- 464
- 476
freddiefujiwara
- 57,041
- 28
- 76
- 106
-
what are you trying to acheive? What is $this->here? – kaklon Nov 10 '11 at 07:29
-
In this particular case, `$this->here` is the current URL, therefore it won't be possible to "inject" anything here. – Dunhamzzz Nov 10 '11 at 10:07
1 Answers
3
Nothing in CakePHP is directly vulnerable, but neither does it code defensively against it. To perform the actual redirect Controller->redirect() calls Controller->header(), which in turn calls header(). So it is the version of PHP that is in use that will dictate whether you are vulnerable to HTTP header injection or not. This vulnerability was remediated in header() in releases 4.4.2 and 5.1.2 of PHP.
However, you should never be putting untrusted or unknown content in the location header, so code defensively with whitelist validation and you'll be fine.
Cheekysoft
- 35,194
- 20
- 73
- 86