HTTP header injection
HTTP header injection is a general class of web application vulnerability that occurs when HTTP headers are dynamically generated based on user input. If the input can contain carriage-return and line-feed characters, it can terminate the header being built and append further headers, or even a complete second message. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header. The usual defence is to reject any user-supplied value containing CR or LF before it is placed in a header, rather than relying on later encoding. HTTP header injection was first described as a distinct class of web attack in the mid-2000s, primarily through Amit Klein's work on request/response smuggling and splitting.[1]
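The following Python script is an added example and is not part of the original article or of any work it cites. It models a redirect handler that builds a raw HTTP response from a caller-supplied target (the hypothetical functions build_redirect_vulnerable and build_redirect_hardened), parses the resulting byte stream the way a simple proxy or browser would, and feeds it two constructed attacker inputs: one that injects a Set-Cookie header (session fixation) and one that terminates the 302 response and appends a complete second, attacker-authored response carrying script (response splitting). The hardened builder refuses CR, LF and NUL in the value before it is serialized.

```python
import re

CRLF = "\r\n"
# Characters that must never appear inside a header value: CR and LF end a
# header line, and NUL is rejected by most parsers. Checked before encoding.
HEADER_INJECTION_CHARS = re.compile(r"[\r\n\x00]")


def _serialize_redirect(target: str) -> bytes:
    """Serialize a minimal 302 whose Location header is the given target."""
    response = (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )
    return response.encode("latin-1")


def build_redirect_vulnerable(target: str) -> bytes:
    """Vulnerable: the caller-supplied target goes straight into the header,
    so CR LF in `target` ends the Location line and whatever follows becomes
    further headers or a whole second response."""
    return _serialize_redirect(target)


def build_redirect_hardened(target: str) -> bytes:
    """Hardened: reject CR, LF and NUL outright. Stripping or percent-encoding
    is weaker, because a later decoding step can reintroduce the terminators."""
    if HEADER_INJECTION_CHARS.search(target):
        raise ValueError("header injection attempt: CR/LF/NUL in header value")
    return _serialize_redirect(target)


def rejects_injection(target: str) -> bool:
    """True if the hardened builder refuses this value."""
    try:
        build_redirect_hardened(target)
    except ValueError:
        return True
    return False


def parse_response_stream(raw: bytes) -> list[dict]:
    """Parse a byte stream as a simple proxy or browser would: each message is
    a status line, header lines, a blank line, then Content-Length bytes of
    body. Parsing stops at the first chunk that is not an HTTP status line."""
    messages = []
    data = raw
    while True:
        data = data.lstrip(b"\r\n")            # tolerate blank lines between messages
        end = data.find(b"\r\n\r\n")
        if end == -1:
            break
        head, data = data[:end].decode("latin-1"), data[end + 4:]
        status_line, *header_lines = head.split(CRLF)
        if not status_line.startswith("HTTP/"):
            break                              # trailing junk, not a message
        headers: dict[str, list[str]] = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        length = int(headers.get("content-length", ["0"])[0])
        body, data = data[:length], data[length:]
        messages.append({"status": status_line, "headers": headers,
                         "body": body.decode("latin-1")})
    return messages


# Constructed attacker input 1 (session fixation): the CR LF after "/home"
# ends the Location header and the remainder becomes a Set-Cookie header.
FIXATION_PAYLOAD = "/home\r\nSet-Cookie: SESSIONID=attacker-chosen-value"

# Constructed attacker input 2 (response splitting): the first blank line
# closes the 302, and what follows is a complete second response containing
# script that a cache or browser would attribute to the vulnerable site.
SPLIT_PAYLOAD = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)

if __name__ == "__main__":
    for name, payload in (("fixation", FIXATION_PAYLOAD), ("split", SPLIT_PAYLOAD)):
        msgs = parse_response_stream(build_redirect_vulnerable(payload))
        print(f"{name}: vulnerable builder produced {len(msgs)} message(s)")
        for m in msgs:
            print("   ", m["status"], dict(m["headers"]), repr(m["body"]))
        print(f"{name}: hardened builder rejects it: {rejects_injection(payload)}")
```

The parser is deliberately naive (Content-Length only, no chunked encoding) because that is enough to show the boundary confusion: the injected blank line is all it takes for a downstream consumer to see two responses where the server sent one. Real servers and frameworks mostly refuse CR/LF in header values today, but the check belongs in the application too, since reverse proxies and hand-rolled CGI or embedded servers do not always enforce it.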
Sources
- File Download Injection Offline
- OWASP HTTP request Splitting
- OWASP Testing for HTTP Splitting/Smuggling
- HTTP Smuggling in 2015
References
- ^ Linhart, Klein, Heled and Orrin (2005). HTTP Request Smuggling. Watchfire Corporation. Retrieved 22 December 2015.