[ic] HTTP Response Splitting
d davenport
dances_with_peons at live.com
Sat May 11 09:09:18 UTC 2013
>From: Grant
>Sent: Saturday, May 11, 2013 3:56 AM
>To: interchange-users
>Subject: [ic] HTTP Response Splitting
>
>Am I safe from HTTP Response Splitting if I use [bounce]?
>
>http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
>
>- Grant
Mostly. The [bounce] tag removes \r and \n, and the URL-encoded versions of
them, from URLs before it puts them into the header. Two other tag
attributes -- "target" and "status" do appear to make it into the header
unscrubbed. But as long as you don't let user input touch those (which
would be an outrageously bad idea anyway, for other reasons), you're fine.
For reference, the code that scrubs the URL actually specifically refers to
that article you linked. :)
/
More information about the interchange-users
mailing list