MARATHI TEAM
Welcome on the Marathi Team Forum.
To take full advantage of everything offered by
our forum, please log in if you are already a
member or join our community if you're not
yet....
Log in

I forgot my password

Top posting users this week

Nimbuzz id Maker
freebuzz is my love :D

user name

password

captcha


What is HTTP Header Injection Vulnerability

View previous topic View next topic Go down

Heart What is HTTP Header Injection Vulnerability

Post  slowdeath on Wed Feb 20, 2013 5:13 pm


HTTP Header



HTTP
Header is the component of HTTP requests and responces. Header fields
are transimitted with each request and responce and carry additional
data about the requests and responces.


See the typical request and responce headers Here at Web-Sniffer.net

HTTP header injection



HTTP
header injection is a kind of web application vulnerability which
exists on those web applications that generatd HTTP headers based on the
input given by users. If it uses User based input in the headers, it
can be used for HTTP response splitting, cross-site scripting (XSS), Session fixation via the Set-Cookie header, and malicious redirects attacks via the location header.



I
recently found a similar kind of vulnerability in
http://canadaedu.apple.com and for this I was also acknowledged by Apple
on its website.


It used apache 1.3.33 that was vulnerable to the HTML and malicious javascript injection through "Expect" header.

See the responce header of the website:

Code:
[font=Arial]GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: canadaedu.apple.com
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache[/font]

The alert box added in the Expect field could be injected for Cross Site Scripting.
avatar
slowdeath
Owner
Owner

Posts : 216
Points : 591
Reputation : 0
Join date : 2012-12-03
Age : 24
Location : delhi

View user profile http://nimbuzz-team-coder.forumotion.org

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum