Xander Posted January 5, 2012
I think this has been posted before... it sounds very familiar to me
denjacker Posted January 5, 2012
http://securityjuggernaut.blogspot.com/2012/01/practical-http-response-splitting.html?spref=tw
Xander Posted January 5, 2012 Author
since you're so good with search anyway... http://rstcenter.com/forum/45222-http-splitting.rst is about the same subject... using the same techniques ...
h2ik Posted January 5, 2012
What needs to be mentioned:
Note: the PHP interpreter contains protection against the attack since version 4.4.2 and 5.1.2. See: PHP: PHP 5.1.2 Release Announcement
The security issues resolved include the following:
HTTP Response Splitting has been addressed in ext/session and in the header() function. Header() can no longer be used to send multiple response headers in a single call.
If the version is above 5.1.2 you will get a warning, and the header() function will not be processed:
Warning: Header may not contain more than a single header, new line detected. in /xxx/xxx/xxx.php on line x
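An added example, not part of h2ik's post and not PHP's own code: an application-level check that applies the single-header rule quoted above to a user-supplied redirect target, so the request is rejected and logged instead of relying on the interpreter's warning. The function names, the fallback path and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example. safe_header_value(), redirect_header() and the sample
// inputs below are hypothetical names / constructed data.

/**
 * Return the value if it can sit in a single response header line,
 * or null if it contains a line break. NUL is rejected as an extra
 * precaution of this example.
 */
function safe_header_value(string $value): ?string
{
    // A CR or LF would let the value start a new header line or the body.
    if (preg_match('/[\r\n\x00]/', $value)) {
        return null;
    }
    return $value;
}

/** Build the Location header line for a redirect, or null to refuse it. */
function redirect_header(string $target): ?string
{
    $clean = safe_header_value($target);
    return $clean === null ? null : 'Location: ' . $clean;
}

// Constructed inputs, as they look after PHP has URL-decoded the query string.
$samples = [
    '/account/settings',
    "/home\r\nX-Injected: 1",
    "/home\nX-Injected: 1",
];

foreach ($samples as $input) {
    $line = redirect_header($input);
    if ($line === null) {
        // Escape the control characters so the log entry stays on one line.
        error_log('rejected header value: ' . addcslashes($input, "\r\n\0"));
        $line = 'Location: /'; // fixed fallback target (assumption)
    }
    echo $line, PHP_EOL;
}
```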
denjacker Posted January 5, 2012
I suppose the XSS articles (for example) also `sound familiar` to you.. and there are several of them on the forum; same subjects, same techniques. And if it sounds familiar to you anyway, it is probably not addressed to you but to others who are interested.
So? Do you want us to delete them? Or what are you trying to insinuate?
I posted the article "as it is" with the source; read it if you like it (here or there), if not, read the other one.
Any other problems?
PingLord Posted January 5, 2012
Very interesting article. Keep them coming.