Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3906. PoCs published by Juraj Skripsky.
AI-analyzed exploit summary: This is a writeup describing a vulnerability in Mono 2.0 and earlier where arbitrary HTTP headers can be injected due to lack of input sanitization. The provided code snippet demonstrates how query parameters can be directly saved into cookies without validation.
Description
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.