Jump to content
Nytro

HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

HTTP Response Splitting, Web Cache

Poisoning Attacks, and Related Topics

White Paper

Amit Klein, Director of Security and Research

Sanctum, Inc.

March, 2004

Abstract ....................................................................................................................3
Introduction to HTTP Response Splitting ..............................................................3
Use Cases for Web Cache Poisoning .......................................................................5
The Basic Technique of HTTP Response Splitting .................................................6
Practical Considerations – The Web Server Mount Point ........................................8
Determining Where The second Response Message Starts ....................................12
Cache Poisoning– Practical Considerations..........................................................13
Cache Poisoning with Apache/2.0 – Practical Considerations................................14
Cache poisoning with NetCache 5.2 – Practical considerations .............................15
Cache Poisoning with Squid 2.4 - Practical Considerations ...................................17
Cache Poisoning and Cross Site Scripting with Internet Explorer 6.0 SP1 - Practical
Considerations ......................................................................................................19
Other Indirect Web Cache Poisoning Attacks ......................................................21
Cross User Attacks – The Theory..........................................................................22
Hijacking a Page (HTTP response) with User Sensitive Information..................23
Other Practical Aspects .........................................................................................24
HTTP Response Splitting Vulnerability in the Wild ............................................25
Research Byproducts .............................................................................................25
Recommendations ..................................................................................................28
Conclusions.............................................................................................................29
Related work ..........................................................................................................30
References...............................................................................................................30
Appendix - Lab Environment................................................................................31

Download: http://dl.packetstormsecurity.net/papers/general/whitepaper_httpresponse.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...