Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Sp

from [Amit Klein] Network Security [Permanent Link]
Subject: Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting
Date: Sat, 21 Apr 2007 02:42:45 +0200
Arian J. Evans wrote:
<inline>
On 4/20/07, *Amit Klein* <aksecurity@gmail.com <mailto:aksecurity@gmail.com>> wrote:

    Arian J. Evans wrote:
    > Q: "How?"
    > Scanner Jockey: ...
    > <Blink>
    >

Okay, I think I understand what scanner folks mean. The thing is, HTTP
Response Splitting can be viewed as a special case of a wider attack -
HTTP Response Header injection. Through the latter attack, you can

No, I mean, people think they are injecting a header into *the* response.

They do!

Consider a situation like this: you have an injection point in the Location response header of a 302 response. You inject:
foo%0d%0aSet-Cookie:%20bar=baz

The net result is a 302 response e.g.:

HTTP/1.1 302 Redirect
Location: foo
Set-Cookie: bar=baz
Content-Lenght: 0

So cookie setting it is, through HTTP response header injection. Naturally the scanners recognize this as (also) HTTP Response Splitting (you could inject a whole new response in there). Hence the confusion.



-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting, Amit Klein
Next by Date:  WASC-Articles: 'The business case for security frameworks', announcements
Previous by Thread:  Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting, Amit Klein
Next by Thread:  WASC-Articles: 'The business case for security frameworks', announcements
Indexes:  [Date] [Thread] [Top] [All Lists]