Xander Posted January 5, 2012
I think this has been posted before... it sounds very familiar to me.
denjacker Posted January 5, 2012
http://securityjuggernaut.blogspot.com/2012/01/practical-http-response-splitting.html?spref=tw
Xander Posted January 5, 2012 (Author)
Since you're so good with the search... http://rstcenter.com/forum/45222-http-splitting.rst it's about the same subject... using the same techniques...
h2ik Posted January 5, 2012
What needs to be mentioned:

Note: the PHP interpreter contains protection against the attack since version 4.4.2 and 5.1.2. See: PHP: PHP 5.1.2 Release Announcement

The security issues resolved include the following: HTTP Response Splitting has been addressed in ext/session and in the header() function. Header() can no longer be used to send multiple response headers in a single call.

If the version is above 5.1.2 you will get a warning, and the header() function will not be processed:

Warning: Header may not contain more than a single header, new line detected. in /xxx/xxx/xxx.php on line x
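Added example (not part of any post in this thread, and not code from the linked article): when header() refuses a value containing a newline it only emits the warning quoted above and the script keeps running, so the redirect is silently lost. The sketch below validates the value first and fails closed. The function name `build_location_header()`, the relative-path allowlist and the sample inputs are assumptions made for this example.

```php
<?php
// Added example: validate a header value before header() ever sees it.
// build_location_header() and the sample inputs are hypothetical/constructed.

function build_location_header(string $target): ?string
{
    // CR, LF or NUL in a header value is what lets a single header() call
    // carry a second header or a body. Reject the value instead of stripping.
    if (preg_match('/[\r\n\0]/', $target) === 1) {
        return null;
    }
    // Assumption for this example: only same-site relative paths are allowed.
    if (preg_match('#^/[A-Za-z0-9_\-./?=&%]*$#', $target) !== 1
        || strpos($target, '//') === 0) {
        return null;
    }
    return 'Location: ' . $target;
}

// Constructed inputs, as they look after PHP has URL-decoded $_GET.
$samples = [
    '/account/home',
    "/account/home\r\nSet-Cookie: sid=constructed",
    "/account/home\nX-Injected: 1",
    '//other.example/path',
];

foreach ($samples as $value) {
    $line = build_location_header($value);
    if ($line === null) {
        // Fail closed: fixed redirect target, and log the escaped value
        // so the control characters are visible to whoever reads the log.
        error_log('rejected redirect target: ' . addcslashes($value, "\0..\37"));
        $line = 'Location: /';
    }
    // In a web SAPI this would be: header($line, true, 302); exit;
    echo $line, PHP_EOL;
}
```

Only the first sample is passed through unchanged; the other three are logged and replaced with the fixed `Location: /`.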
denjacker Posted January 5, 2012
I suppose the XSS articles (for example) also `sound familiar` to you... and there are several on the forum; same subjects, same techniques. And if it already sounds familiar to you, it's probably not addressed to you but to others who are interested.
So? Do you want us to delete them? Or what are you trying to insinuate?
I posted the article "as it is" with the source; read it if you like it (here or there), and if not, read the other one.
Any other problems?
PingLord Posted January 5, 2012
Very interesting article. Keep them coming.