Home

Multiple CRLF Injection / HTTP Response Splitting Vulnerabilities In Google AdWords

Do, 14/01/2007 - 22:19 — OeX
description: 

Google AdWords is vulnerable to a new form of application attack technique called HTTP Respons splitting (aka CRLF Injection). HTTP Response Splitting enables an attacker to alter the HTTP response header structure which can leads to various range of attacks such as web cache poisoning, temporary defacement, hijacking pages or cross-site scripting (XSS). This happens since the user input is injected into the value section of http header without properly escaping/removing CRLF characters
which can leads to two HTTP responses instead of one response.

authors:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html

AdjuntoTamaño
adwords-crlf-injection.pdf120.26 KB
  • 316 lecturas

Comentarios

Enviar un comentario nuevo

  • Saltos automáticos de líneas y de párrafos.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <br>
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

Más información sobre opciones de formato

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.