Jump to content
Xander

Practical HTTP Response Splitting

Recommended Posts

Posted

Ce trebuie mentionat:

Note: the PHP interpreter contains protection against the attack since version 4.4.2 and 5.1.2. See: PHP: PHP 5.1.2 Release Announcement
The security issues resolved include the following:

HTTP Response Splitting has been addressed in ext/session and in the header() function. Header() can no longer be used to send multiple response headers in a single call.

Daca versiunea este peste 5.1.2 vei primii un warning, iar functia header() nu va fi procesata:

Warning: Header may not contain more than a single header, new line detected. in /xxx/xxx/xxx.php on line x
Posted

Banuiesc ca si articolele cu XSS (exemplu) iti `suna cunoscute` .. si sunt mai multe pe forum; aceleasi subiecte aceleasi tehnici.

Si daca tot iti suna cunoscut probabil ca nu iti e adresat tie ci altora care sunt interesati.

So ? vrei sa le stergem ? sau ce vrei sa insinuezi ?

Am pus articolul "as it is" cu sursa , il citesti daca iti place (aici sau acolo), daca nu il citesti pe celalalt.

Alte probleme?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...