Revision as of 13:07, 23 October 2008 edit Van der Hoorn (talk \| contribs) Extended confirmed users, Pending changes reviewers 5,658 edits m Minor improvements ← Previous edit		Revision as of 22:40, 7 May 2009 edit undo Nurg (talk \| contribs) Extended confirmed users, Page movers, Pending changes reviewers, Rollbackers 67,070 edits m copy edit Next edit →
Line 1: {{HTTP}} '''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] (HTTP) [[list of HTTP headers\|headers]] are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]] and [[~~Cross~~cross-site scripting]] (XSS) attacks. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting. == Sources == Line 7: * [http://www.webappsec.org/lists/websecurity/archive/2008-04/msg00003.html File Download Injection] == ~~Useful~~ Tools == * [http://www.lucid-edge.com HTTP Sniffer and HTTP Analyzer (Proxy and tunnel based)] * [http://wapiti.sf.net Wapiti Open Source Header, XSS, SQL and LDAP injection scanner] Line 13: [[Category:Web security exploits]] [[Category:HTTP]] {{internet-stub}}

HTTP header injection: Difference between revisions