I think the setting of the new cookie just demonstrates that phpmyadmin sends back CRLF unescaped.
The real problem is that this could be used to poison a proxy cache between the client and the server, by forging two distinct requests. The attacker can control the complete second response via the cookie and he can just send another arbitrary request as well. The proxy will think the forged second response corresponds to the second request and will cache it (including redirects or malicious javascript). The concept is described at [1].

Cheers,
Stefan

[1] http://seclists.org/webappsec/2004/q1/0263.html
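
The following is an added example, not part of the original message and not phpMyAdmin code: it shows why an unescaped CRLF in a cookie value makes an intermediary see two responses on one connection, next to a serializer that rejects such values. The cookie name `lang`, the path `/index.php`, the sample value and the simplified parser (a missing Content-Length is treated as 0) are assumptions made for illustration.

```python
import re

# Constructed sample value carrying CRLF sequences (hypothetical, not from the report).
TAINTED = ("en\r\nContent-Length: 0\r\n\r\n"
           "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi")

def build_response_unsafe(lang):
    """The 'before': the value is copied into Set-Cookie without escaping."""
    head = ("HTTP/1.1 302 Found\r\nLocation: /index.php\r\n"
            f"Set-Cookie: lang={lang}\r\n\r\n")
    return head.encode("latin-1")

def build_response_safe(lang):
    """Hardened form: refuse any value containing CR, LF or other control bytes."""
    if re.search(r"[\x00-\x1f\x7f]", lang):
        raise ValueError("control character in header value")
    return build_response_unsafe(lang)

def count_responses(stream):
    """Frame a keep-alive byte stream the way a caching proxy would:
    status line, headers up to the blank line, then Content-Length body bytes.
    Simplification: a missing Content-Length is treated as 0."""
    count = 0
    while stream:
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep or not head.startswith(b"HTTP/"):
            break  # leftover bytes that do not start a new response
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        count += 1
        stream = rest[length:]  # whatever follows the body is the next response
    return count

if __name__ == "__main__":
    print("clean value   :", count_responses(build_response_unsafe("en")))
    print("tainted value :", count_responses(build_response_unsafe(TAINTED)))
    try:
        build_response_safe(TAINTED)
    except ValueError as exc:
        print("hardened      : rejected,", exc)
```

The second response counted for the tainted value is the one a cache would pair with the next request on the connection, which is why rejecting control characters at the point where the header is written closes the issue.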

