CVE-2004-1687

Snitz Forums 2000 3.4.04 - HTTP Response Splitting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1687. PoCs published by Maestro De-Seguridad.

AI-analyzed exploit summary This exploit demonstrates an HTTP response splitting vulnerability in Snitz Forums' 'down.asp' script. By injecting malicious headers via the 'location' parameter, an attacker can manipulate HTTP responses to serve arbitrary content.

Description

CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Maestro De-Seguridad · textwebappsasp

https://www.exploit-db.com/exploits/24604

View Code ZIP pw:eip

This exploit demonstrates an HTTP response splitting vulnerability in Snitz Forums' 'down.asp' script. By injecting malicious headers via the 'location' parameter, an attacker can manipulate HTTP responses to serve arbitrary content.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Snitz Forums (version not specified)

No auth needed

Prerequisites: Access to the 'down.asp' endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/12590

Vendor Advisory x_refsource_confirm

http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109537195413691&w=2

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11201

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17421

Scores

EPSS 0.0244

EPSS Percentile 82.2%

Details

Status published

Products (9)

snitz_communications/snitz_forums_2000 3.0

snitz_communications/snitz_forums_2000 3.1 sr4

snitz_communications/snitz_forums_2000 3.3

snitz_communications/snitz_forums_2000 3.3.01

snitz_communications/snitz_forums_2000 3.3.02

snitz_communications/snitz_forums_2000 3.3.03

snitz_communications/snitz_forums_2000 3.4.02

snitz_communications/snitz_forums_2000 3.4.03

snitz_communications/snitz_forums_2000 3.4.04

Published Sep 16, 2004

Tracked Since Feb 18, 2026