What is HTTP Header Injection Vulnerability
HTTP Header
An HTTP header is a component of HTTP requests and responses. Header fields are transmitted with each request and response and carry additional data about the requests and responses.
See the typical request and response headers here at Web-Sniffer.net
HTTP header injection
HTTP header injection is a kind of web application vulnerability that exists in web applications that generate HTTP headers based on input given by users. If an application places user-supplied input in its headers, this can be used for HTTP response splitting, cross-site scripting (XSS), session fixation via the Set-Cookie header, and malicious redirect attacks via the Location header.
I recently found a similar kind of vulnerability in [You must be registered and logged in to see this link.] and for this I was also acknowledged by Apple on its website.
It used Apache 1.3.33, which was vulnerable to HTML and malicious JavaScript injection through the "Expect" header.
See the response header of the website:
The alert box added in the Expect field could be injected for cross-site scripting.

GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: canadaedu.apple.com
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect:alert(411731119275)
Pragma: no-cache
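
An added example, not part of the original post: the header-building pattern described above next to a hardened version that rejects CR/LF, plus HTML-escaping of a reflected Expect value. The function names and sample inputs are constructed for illustration.

```python
import html
import re

# Characters that end a header line or truncate it: CR, LF and NUL.
_FORBIDDEN = re.compile(r"[\r\n\0]")


def build_header_unsafe(name, value):
    """Vulnerable pattern: user input is copied into the header as-is."""
    return f"{name}: {value}\r\n"


def build_header_safe(name, value):
    """Hardened pattern: refuse any value that could start a new header line."""
    if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
        raise ValueError("CR/LF/NUL not allowed in header fields")
    return f"{name}: {value}\r\n"


def count_header_lines(raw):
    """Number of header lines a client would parse from the raw text."""
    return len([line for line in raw.split("\r\n") if line])


def error_body_safe(expect_value):
    """Reflect a request header in an error page only after HTML-escaping it."""
    return f"<p>Unsupported expectation: {html.escape(expect_value)}</p>"


# Constructed sample: a redirect target that carries an extra header line.
SAMPLE_TARGET = "/home\r\nSet-Cookie: sid=constructed"
# Constructed sample: markup placed in the Expect request header.
SAMPLE_EXPECT = "<b>x</b>"

if __name__ == "__main__":
    # The unsafe builder emits two header lines from one intended header.
    print(count_header_lines(build_header_unsafe("Location", SAMPLE_TARGET)))
    try:
        build_header_safe("Location", SAMPLE_TARGET)
    except ValueError as exc:
        print("rejected:", exc)
    # The reflected value is rendered as text, not as markup.
    print(error_body_safe(SAMPLE_EXPECT))
```
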