Web applications that do not properly sanitize user input before using it as an HTTP header value are vulnerable to header injection (also called Response Splitting). This type of attack not only allows a malicious user to control the remaining headers and body of the response the application intends to send, but also allows them to create additional responses entirely under their control.
This script is possibly vulnerable to CRLF injection attacks.
HTTP headers have the structure “Key: Value”, where each line is separated by the CRLF combination. If user input is injected into the value section without properly escaping or removing CRLF characters, it is possible to alter the structure of the HTTP headers. A CRLF (new line) injection adds malicious characters to HTTP headers when input is not properly filtered.
HTTP Response Splitting is a new application attack technique which enables various new attacks such as web cache poisoning, cross user defacement, hijacking pages with sensitive user information and cross-site scripting (XSS). The attacker sends a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response.
It is possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may lead to vulnerabilities like XSS (cross-site scripting) or session fixation.
Restrict CR (ASCII 13, 0x0D) and LF (ASCII 10, 0x0A) in user input, or properly encode the output, in order to prevent the injection of custom HTTP headers.
Ensure the server security patches are up to date and that the current stable version of the software is in use.
Do not allow newline characters in input. Where possible, use strict whitelisting.
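The following is an added example, not code from the original page: it shows a header value built from raw input next to the two remediations named above (rejecting CR/LF with a strict allow-list, and encoding the output). The function names, the `lang` parameter and the sample input are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Assumed allow-list: a language tag such as "en" or "en-GB".
ALLOWED_LANG = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})?")

def build_response_unsafe(lang):
    """Vulnerable pattern: input is concatenated into a header value as-is."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: /home?lang={lang}\r\n"
            "Content-Length: 0\r\n\r\n")

def safe_header_value(value):
    """Reject CR and LF outright, then apply the strict allow-list."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in header value")
    if not ALLOWED_LANG.fullmatch(value):
        raise ValueError("value not on allow-list")
    return value

def build_response_safe(lang):
    """Remediation 1: validate before the value reaches the header."""
    return build_response_unsafe(safe_header_value(lang))

def build_response_encoded(lang):
    """Remediation 2: percent-encode the output so CR/LF become %0D%0A."""
    return build_response_unsafe(quote(lang, safe=""))

def header_names(raw):
    """Split the header block on CRLF, as a client or proxy would."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample input: a value carrying a CRLF and an extra header line.
SAMPLE = "en\r\nSet-Cookie: session=constructed-value"

if __name__ == "__main__":
    print(header_names(build_response_unsafe("en")))
    print(header_names(build_response_unsafe(SAMPLE)))   # extra header appears
    print(header_names(build_response_encoded(SAMPLE)))  # structure unchanged
    try:
        build_response_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```
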