Welcome on the Marathi Team Forum.
To take full advantage of everything offered by
our forum, please log in if you are already a
member or join our community if you're not
Log in

I forgot my password

Top posting users this week

Nimbuzz id Maker
freebuzz is my love :D

user name



What is HTTP Header Injection Vulnerability

Go down

Heart What is HTTP Header Injection Vulnerability

Post  slowdeath on Wed Feb 20, 2013 5:13 pm

HTTP Header

Header is the component of HTTP requests and responces. Header fields
are transimitted with each request and responce and carry additional
data about the requests and responces.

See the typical request and responce headers Here at

HTTP header injection

header injection is a kind of web application vulnerability which
exists on those web applications that generatd HTTP headers based on the
input given by users. If it uses User based input in the headers, it
can be used for HTTP response splitting, cross-site scripting (XSS), Session fixation via the Set-Cookie header, and malicious redirects attacks via the location header.

recently found a similar kind of vulnerability in and for this I was also acknowledged by Apple
on its website.

It used apache 1.3.33 that was vulnerable to the HTML and malicious javascript injection through "Expect" header.

See the responce header of the website:

[font=Arial]GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache[/font]

The alert box added in the Expect field could be injected for Cross Site Scripting.

Posts : 216
Points : 591
Reputation : 0
Join date : 2012-12-03
Age : 25
Location : delhi

View user profile

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum