WebApp Sec mailing list archives
Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting
From: Amit Klein <aksecurity () gmail com>
Date: Sat, 21 Apr 2007 02:42:45 +0200
Arian J. Evans wrote:
<inline>On 4/20/07, *Amit Klein* <aksecurity () gmail com <mailto:aksecurity () gmail com>> wrote:Arian J. Evans wrote: > Q: "How?" > Scanner Jockey: ... > <Blink> > Okay, I think I understand what scanner folks mean. The thing is, HTTP Response Splitting can be viewed as a special case of a wider attack -HTTP Response Header injection. Through the latter attack, you can No, I mean, people think they are injecting a header into *the* response.
They do!Consider a situation like this: you have an injection point in the Location response header of a 302 response. You inject:
foo%0d%0aSet-Cookie:%20bar=baz The net result is a 302 response e.g.: HTTP/1.1 302 Redirect Location: foo Set-Cookie: bar=baz Content-Lenght: 0So cookie setting it is, through HTTP response header injection. Naturally the scanners recognize this as (also) HTTP Response Splitting (you could inject a whole new response in there). Hence the confusion.
------------------------------------------------------------------------- Sponsored by: WatchfireCross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA --------------------------------------------------------------------------
Current thread:
- Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting Amit Klein (Apr 20)
- Message not available
- Message not available
- Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting Amit Klein (Apr 20)
- Message not available
- Message not available
- Message not available
- Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting Amit Klein (Apr 20)
- Message not available
- Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting Amit Klein (Apr 20)
- Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting Amit Klein (Apr 20)