KILLERS
───▄▀▀▀▄▄▄▄▄▄▄▀▀▀▄───
───█▒▒░░░░░░░░░▒▒█───
────█░░█░░░░░█░░█────
─▄▄──█░░░▀█▀░░░█──▄▄─
█░░█─▀▄░░░░░░░▄▀─█░░█
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
█░░╦─╦╔╗╦─╔╗╔╗╔╦╗╔╗░░█
█░░║║║╠─║─║─║║║║║╠─░░█
█░░╚╩╝╚╝╚╝╚╝╚╝╩─╩╚╝░░█
█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█




WELCOME TO KILLERS FREE FORUM THE GREAT COMMUMNITY, WHICH INCLUDES ALL ENTERTAINMENT THINGS,LIKES GAMES,MUSIC,VIDEO,MOVIES,ALSO GATES YAHOO,FACEBOOK,NIMBUZZ,ORKUT,TWITTER AND OTHER SOCIAL NETWORKS TIPS AND TRICKS, AS WELL AS ENJOY ONLINE CHAT WITH FRIENDS
 
HomePortalCalendarFAQSearchMemberlistUsergroupsRegisterLog in
Search
 
 

Display results as :
 
Rechercher Advanced Search
Log in
Username:
Password:
Log in automatically: 
:: I forgot my password
Latest topics
» SpyNet 2.6 Tutorial
Wed Jun 05, 2013 5:56 am by getara

» [B]Ssh Cracker v2.0
Mon Jun 03, 2013 12:01 am by aiyub007

» Facebook Bot Like Unlike + bot coment
Thu May 23, 2013 10:10 am by cemunk

» Get back your hacked nimbuzz ID
Fri Apr 19, 2013 10:23 am by stylish prince

» Help me guys!
Mon Apr 15, 2013 10:26 am by Vampire_lady

» [B]Mail ICQ Parser
Sun Apr 14, 2013 7:12 pm by unknown

» [B]Authentication Attacker
Sun Apr 14, 2013 7:09 pm by unknown

» [B]Mails AutoLogin by Lays [Mail.ru,bk.ru,list.ru,inbox.ru,yandex.ru
Sat Apr 13, 2013 2:30 pm by tvirus

» [CENTER][B]stream cracker and checker
Sat Apr 13, 2013 2:30 pm by tvirus

Top posters
unknown
 
storm
 
 
Vampire_lady
 
tvirus
 
→▫◊▫ĥâčķėŕ▫◊▫←
 
akshay645
 
〖the☆prince〗
 
Dreadful
 
SIR-PINOY
 
killers counter
killers counter
Killers counter
Hit Counter by Digits
Who is online?
In total there are 2 users online :: 0 Registered, 0 Hidden and 2 Guests

None
[ View the whole list ]

Most users ever online was 13 on Sun Apr 14, 2013 8:51 pm

KILLERS :: HACKING ZONE :: Hacking tips & tricksShare | .
 

 What is HTTP Header Injection Vulnerability

View previous topic View next topic Go down 
AuthorMessage
unknown
Admin


Posts: 185
Points: 522
Reputation: 0
Join date: 2012-12-03
Age: 20
Location: delhi

PostSubject: What is HTTP Header Injection Vulnerability    Wed Feb 20, 2013 3:43 pm

HTTP Header


HTTP
Header is the component of HTTP requests and responces. Header fields
are transimitted with each request and responce and carry additional
data about the requests and responces.

See the typical request and responce headers Here at Web-Sniffer.net

HTTP header injection


HTTP
header injection is a kind of web application vulnerability which
exists on those web applications that generatd HTTP headers based on the
input given by users. If it uses User based input in the headers, it
can be used for HTTP response splitting, cross-site scripting (XSS), Session fixation via the Set-Cookie header, and malicious redirects attacks via the location header.



I
recently found a similar kind of vulnerability in
http://canadaedu.apple.com and for this I was also acknowledged by Apple
on its website.

It used apache 1.3.33 that was vulnerable to the HTML and malicious javascript injection through "Expect" header.

See the responce header of the website:

Code:
[font=Arial]GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: canadaedu.apple.com
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache[/font]


The alert box added in the Expect field could be injected for Cross Site Scripting.
Back to top Go down
View user profile http://killers.forumotion.org
 

What is HTTP Header Injection Vulnerability

View previous topic View next topic Back to top 
Page 1 of 1

 Similar topics

-
» TUTORIAL SQL INJECTION
» http://www.soldiersofthequeen.com/
» Elena - http://www.abudhabiescorts55.me/escorts/12711
» http://www.merchantcashadvances.org small business loan
» Spanish support fot metadata (http://www.imdb.es/)

Permissions in this forum:You cannot reply to topics in this forum
KILLERS :: HACKING ZONE :: Hacking tips & tricks-