Questions tagged [response-splitting]

20 questions
9
votes
4 answers

Is it possible to Exploit this Line Feed?

During a security assessment on a website I found a redirection link that was reflecting the values in the Location header. The first thing that came to my mind was CRLF injection so I tried a few variations of "%0a" and managed to include my…
Mico
9
votes
1 answer

Does HTTP/2 prevent security vulnerabilities like CRLF injection?

Which vulnerabilities does HTTP/2 prevent? More specifically: Does it prevent HTTP request smuggling? Does it prevent HTTP response splitting / CRLF injection?
9
votes
2 answers

Is it possible to do HTTP header injection if CR/LF are stripped?

In HTTP response there is the following header with attacker controlled content: Content-Disposition:attachment; filename="attacker_controlled.html" The only characters that can't appear in attacker controlled value are [CR] and [LF] (they can't…
Andrei Botalov
8
votes
1 answer

ASP.NET HTTP Response Splitting Attack

By default ASP.NET checks for HTTP Response Splitting attack when you do…
7
votes
1 answer

HTTP Response Splitting and PHP

There are numerous references to HTTP Response Splitting (HRS) vulnerabilities with PHP having been resolved since 4.4.2 and 5.1.2 (E.g. https://en.wikipedia.org/wiki/HTTP_response_splitting), or for around 9 years. And yet CVE-2013-2652 reported a…
Henry
6
votes
1 answer

Is use of HttpServletRequest.getQueryString() for a response header vulnerable to response splitting?

I've been told that using HttpServletRequest.getQueryString() in a response header makes my application susceptible to HTTP response splitting attacks, but I just don't see how. It's clear in the case of getParameter(String), which decodes…
mwl
5
votes
4 answers

Why is this response splitting attack not working?

I'm working through OWASP's "WebGoat" (version 5.4) vulnerable web application, but I'm getting stuck on one of the earliest lessons which is to do with HTTP response splitting. I've looked in all the hints and the solution (and even at all the…
Grezzo
5
votes
2 answers

What kind of cache-related attacks exist on the Web?

What kind of cache-related attacks exist in the modern Web world? The only one I'm aware of is Cache Poisoning. Is there anything else I should be worrying about?
Paul Podlipensky
3
votes
1 answer

Mitigation Strategies for Response Splitting Attack

I am not going into the basics of the HTTP response splitting attack, as the above figure completely describes the working of such an attack. Previous posts have also discussed the working of such an attack: ASP.NET HTTP Response Splitting Attack. My question rather…
Ali Ahmad
3
votes
1 answer

HTTP Response splitting - is it browser caching or server caching issue?

I am trying to wrap my head around HTTP Response splitting. Although using WebGoat etc. I was able to learn how to do it in practice, but I guess I am still confused with some very fundamental understanding of how it really works. Hoping someone…
qre0ct
2
votes
1 answer

How to inject XSS using Response Splitting in the following scenario?

I have been pentesting for a company. I found a CRLF injection that could be done using %E5%98%8D%E5%98%8A instead of %0d%0a. So I'm using %E5%98%8D%E5%98%8A in redirection parameter for CR/LF. Here is the example of CR/LF. POST…
1
vote
0 answers

Is Webgoat's HTTP Splitting Attack corrupt?

This link describes my problem better: https://code.google.com/p/webgoat/issues/detail?id=42 I was doing the HTTP Splitting exercise in WebGoat. In this exercise, when you send a malformed URL, you are supposed to get TWO headers back. One header is…
Rash
1
vote
3 answers

Are Modern Servers susceptible to HTTP Splitting Attacks

Note: I know how HTTP Splitting works. Note 2: I am not working in WebGoat. I am trying to make this on my own. I am trying to imitate the HTTP Splitting attack on my machine. For that I wrote this php code:
Rash
1
vote
2 answers

HTTP Response Splitting

Is this a part of an HTTP Response Splitting attack? Here below is some code that gets put into a web browser after clearing the url while on the website javascript: var xhr = new XMLHttpRequest(); xhr.open( "GET" , "google.com", false); xhr.send();…
noob1992
1
vote
1 answer

In which settings is it possible to launch an HTTP Response Splitting Attack but not completely replace the HTTP message?

I wondered in which settings it is possible to launch an HTTP Response Splitting Attack but not completely replace the HTTP message. The examples I saw all allowed full replacement of the HTTP response, which made me think the attacker could have…
kaiya