Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Sp

from [Amit Klein] Network Security [Permanent Link]
Subject: Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting
Date: Sat, 21 Apr 2007 02:38:02 +0200
James Landis wrote:
I tested local HTTPRS caching on whatever browsers were available in July 2005 with no success. I can't imagine browsers are getting worse about it than better, but I certainly wouldn't discourage anyone from trying to make sure.


I'm sure I managed to do that in my lab, back in 2004, for IE6 SP1. And Alex/kuza55 published his results from experimenting with the issue in February 2007 (http://kuza55.blogspot.com/2007/02/http-response-splitting-attacks-without.html), where he says he poisoned the cache of IE (I suppose IE6 SP2) and Opera8.

Perhaps I can try to help you to reproduce HTTP Response Splitting -> browser cache poisoning?

-Amit

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting, Amit Klein
Next by Date:  Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting, Amit Klein
Previous by Thread:  Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting, Amit Klein
Next by Thread:  Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting, Amit Klein
Indexes:  [Date] [Thread] [Top] [All Lists]