MARATHI TEAM

Welcome on the Marathi Team Forum.
To take full advantage of everything offered by
our forum, please log in if you are already a
member or join our community if you're not
yet....

Join the forum, it's quick and easy

MARATHI TEAM

Welcome on the Marathi Team Forum.
To take full advantage of everything offered by
our forum, please log in if you are already a
member or join our community if you're not
yet....

MARATHI TEAM

Would you like to react to this message? Create an account in a few clicks or log in to continue.

Latest topics

» Recover your id hacked or blocked v 1.0
What is HTTP Header Injection Vulnerability Empty

Sun Aug 24, 2014 8:48 pm by samir alam

» Mobile Server Available 24/7 Online Service Feel Free For Use
What is HTTP Header Injection Vulnerability Empty

Wed Mar 12, 2014 3:44 pm by pithu-karam

» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
What is HTTP Header Injection Vulnerability Empty

Mon Jan 27, 2014 11:53 pm by gooddumpcc4u

» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
What is HTTP Header Injection Vulnerability Empty

Mon Jan 27, 2014 11:52 pm by gooddumpcc4u

» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
What is HTTP Header Injection Vulnerability Empty

Mon Jan 27, 2014 11:51 pm by gooddumpcc4u

» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
What is HTTP Header Injection Vulnerability Empty

Mon Jan 27, 2014 11:50 pm by gooddumpcc4u

» VENDOR OF HIGH QUALITY FIRST HAND DUMPS !!! SELL CVV FRESH-PAYPAL-TRANSFER WU
What is HTTP Header Injection Vulnerability Empty

Mon Jan 27, 2014 11:50 pm by gooddumpcc4u

What is HTTP Header Injection Vulnerability

MARATHI TEAM :: HACKING ZONE :: Hacking tips & tricks

Page 1 of 1

What is HTTP Header Injection Vulnerability

Post slowdeath Wed Feb 20, 2013 5:13 pm

HTTP Header

HTTP
Header is the component of HTTP requests and responces. Header fields
are transimitted with each request and responce and carry additional
data about the requests and responces.

See the typical request and responce headers Here at Web-Sniffer.net

HTTP header injection

HTTP
header injection is a kind of web application vulnerability which
exists on those web applications that generatd HTTP headers based on the
input given by users. If it uses User based input in the headers, it
can be used for HTTP response splitting, cross-site scripting (XSS), Session fixation via the Set-Cookie header, and malicious redirects attacks via the location header.

What is HTTP Header Injection Vulnerability Network-security-auditing

What is HTTP Header Injection Vulnerability Network-security-auditing

I
recently found a similar kind of vulnerability in
http://canadaedu.apple.com and for this I was also acknowledged by Apple
on its website.

It used apache 1.3.33 that was vulnerable to the HTML and malicious javascript injection through "Expect" header.

See the responce header of the website:

Code:: [font=Arial]GET / HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: canadaedu.apple.com Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d Connection: Close Expect: <script>alert(411731119275)</script> Pragma: no-cache[/font]

The alert box added in the Expect field could be injected for Cross Site Scripting.

slowdeath: Owner; Posts : 216
Points : 591
Reputation : 0
Join date : 2012-12-03
Age : 31
Location : delhi

Mon	Tue	Wed	Thu	Fri	Sat	Sun
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30