Subject: What is HTTP Header Injection Vulnerability - Wed Feb 20, 2013 3:43 pm
Headers are a component of HTTP requests and responses. Header fields
are transmitted with each request and response and carry additional
data about them. See typical request and response headers at Web-Sniffer.net.
HTTP header injection
HTTP header injection is a kind of web application vulnerability that
exists in web applications that generate HTTP headers based on
input given by users. If an application uses user-supplied input in its headers, that input
can be used for HTTP response splitting, cross-site scripting (XSS), session fixation via the Set-Cookie header, and malicious redirect attacks via the Location header.
I recently found a similar kind of vulnerability in
http://canadaedu.apple.com, and for this I was also acknowledged by Apple.
GET / HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
The alert box added in the Expect field could be injected for Cross Site Scripting.
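
The header injection described above, as an added example that is not part of the original post: a redirect builder that copies user input into the Location header, next to a version that rejects CR, LF and NUL before the value reaches the header. The function names and the sample value are constructed for illustration.

```python
# Added illustration; function names and the sample value are constructed.

def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable pattern: user input copied into a header verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def check_header_value(value: str) -> str:
    """Reject any value that could end the header line early."""
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise ValueError("control character in header value")
    return value


def build_redirect_safe(target: str) -> bytes:
    """Hardened form: validate before the value reaches the header."""
    return build_redirect_unsafe(check_header_value(target))


def parse_headers(raw: bytes) -> list:
    """Read header lines the way a client does: everything up to the blank line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")[1:]  # skip the status line
    return [tuple(part.strip() for part in line.split(":", 1)) for line in lines]


# Constructed input: a redirect target carrying CR LF and a second header.
SAMPLE = "/home\r\nSet-Cookie: session=constructed-value"

if __name__ == "__main__":
    # The unsafe builder emits a header the application never intended to send.
    for name, value in parse_headers(build_redirect_unsafe(SAMPLE)):
        print(f"{name}: {value}")
    try:
        build_redirect_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

With the constructed input, a client parsing the unsafe response sees a Set-Cookie header in addition to Location and Content-Length, while the hardened builder refuses the value.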