Thread: HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Attacks

  1. #1 | Senior Member | Join Date: Oct 2003 | Posts: 707

    HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Attacks

    Here's a white paper that I just ran into and found quite interesting and informative; hopefully many of you will as well. BTW, enjoy the read.

    HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Attacks


    Abstract

    “HTTP Response Splitting” is a new application attack technique which enables various new attacks such as web cache poisoning, cross user defacement, hijacking pages with sensitive user information and an old favorite, cross-site scripting (XSS). This attack technique, and the derived attacks from it, are relevant to most web environments and is the result of the application’s failure to reject illegal user input, in this case, input containing malicious or unexpected characters.

    Cross user defacement enables the attacker to forge a page that is sent to the victim. It can be looked at as a very localized and temporary kind of defacement, which affects one user at a time. Web cache poisoning elevates that defacement into a permanent effect on a more global scope by forging a cached page in a cache server shared among a multitude of site users. Hijacking pages with sensitive user information lets the attacker gain access to user specific information provided by the server such as health records or financial data. Cross-site scripting enables the attacker to steal other clients’ credentials that are then used in conjunction with the vulnerable site. HTTP response splitting, and the derived attacks, are relevant to most web environments including Microsoft ASP, ASP.NET, IBM WebSphere, BEA WebLogic, Jakarta Tomcat, Macromedia ColdFusion/MX, Sun Microsystems SunONE; popular cache servers such as NetCache, Squid and Apache; and popular browsers such as Microsoft IE 6.0.

    The HTTP response splitting vulnerability is the result of the application’s failure to reject illegal user input. Specifically, input containing malicious or unexpected CR and LF characters.

    This paper will describe the concept of the attack and provide some use cases. We will include a description of the basic technique and practical considerations of various aspects of the attack and some theoretic results in one case. Finally, we comment on evidence of the vulnerability in the wild, some research byproducts, recommendations, conclusions, related work and references. The full list of products we experimented with is provided in the appendix.

    Note: it's a *.pdf document which is 31 pages long. I tried to fix the lines but can't seem to figure out why they show up like that?
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam
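A worked illustration of the CR/LF failure the abstract describes, added here as an example; it is not code from the paper or from the poster. A redirect handler copies a query parameter straight into the Location header (the vulnerable form), and a second version rejects CR/LF and percent-encodes the value (the hardened form). A small parser then reads the raw bytes the way a keep-alive client or cache would, to show that one request yields two responses. The host example.test, the page by_lang.jsp, the parameter name lang, and the attacker payload are all constructed for this example.

```python
# Added example (not from the paper or the forum post): HTTP response splitting
# via an unvalidated header value, beside the CR/LF check that prevents it.
# Host, page name, parameter name and payload are constructed for illustration.
from urllib.parse import quote, unquote

CRLF = "\r\n"
REDIRECT_TARGET = "http://example.test/by_lang.jsp?lang="  # assumed URL


def build_redirect_vulnerable(lang: str) -> str:
    """Raw HTTP response for a language redirect. The bug: `lang` is copied
    into the Location header with no validation, so CR/LF in it ends the
    header and lets the attacker write the rest of the stream."""
    return (
        "HTTP/1.1 302 Moved Temporarily" + CRLF
        + "Location: " + REDIRECT_TARGET + lang + CRLF
        + "Content-Type: text/html" + CRLF
        + CRLF
    )


def build_redirect_safe(lang: str) -> str:
    """Same redirect, hardened: reject CR/LF outright, then percent-encode
    the value so nothing else can reach the header unescaped."""
    if "\r" in lang or "\n" in lang:
        raise ValueError("header value must not contain CR or LF")
    return (
        "HTTP/1.1 302 Moved Temporarily" + CRLF
        + "Location: " + REDIRECT_TARGET + quote(lang, safe="") + CRLF
        + "Content-Type: text/html" + CRLF
        + CRLF
    )


def safe_rejects(lang: str) -> bool:
    """True if the hardened builder refuses this value."""
    try:
        build_redirect_safe(lang)
        return False
    except ValueError:
        return True


def parse_responses(raw: str) -> list:
    """Split a stream into (status_line, headers, body) the way a persistent
    connection client or cache does: read headers up to the blank line, then
    take Content-Length bytes of body. Assumption for this demo: a message
    without Content-Length runs to end of stream. Parsing stops at the first
    line that is not an HTTP status line, so the server's leftover headers
    after the injected response are discarded as junk."""
    responses = []
    pos = 0
    while pos < len(raw):
        head_end = raw.find(CRLF + CRLF, pos)
        if head_end < 0:
            break
        lines = raw[pos:head_end].split(CRLF)
        status = lines[0]
        if not status.startswith("HTTP/"):
            break
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        if "content-length" in headers:
            body_end = body_start + int(headers["content-length"])
        else:
            body_end = len(raw)
        responses.append((status, headers, raw[body_start:body_end]))
        pos = body_end
    return responses


# Constructed attacker input, as it would travel in the query string: close the
# redirect with an empty body, then supply a complete second response.
FORGED_BODY = "<html>defaced</html>"
ENCODED_PAYLOAD = (
    "foobar%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    f"Content-Length:%20{len(FORGED_BODY)}%0d%0a%0d%0a{FORGED_BODY}"
)
PAYLOAD = unquote(ENCODED_PAYLOAD)  # what the server sees after URL decoding


def split_count() -> int:
    """Number of responses a client sees for one request to the vulnerable handler."""
    return len(parse_responses(build_redirect_vulnerable(PAYLOAD)))


if __name__ == "__main__":
    for status, _, body in parse_responses(build_redirect_vulnerable(PAYLOAD)):
        print(status, repr(body))
    print("hardened builder rejects payload:", safe_rejects(PAYLOAD))
```

The second parsed response is entirely attacker-controlled, which is the building block for the cross user defacement and cache poisoning the abstract lists: whatever is sitting on the connection next (another user's request, or a cache's fetch) gets the forged page. Note that the hardened builder does both checks; percent-encoding alone would also neutralise CR/LF, but an explicit rejection makes the abuse attempt visible in logs rather than silently turning it into a harmless redirect.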

  2. #2 | AO Part Timer | Join Date: Feb 2003 | Posts: 331

    That is a pretty good find, Agent_Steal.


    Even though I haven't read my way through all of it, it is good thus far. Good info on cache poisoning. Good examples also.
    Bump it back up top for now

    Thanks again
    Your heart was talking, not your mind.
    -Tiger Shark
