[WEB SECURITY] Re: [Webappsec] Tacking A Difficult Problem - Solutions HTTP Response Splitting
Amit Klein
aksecurity at gmail.com
Fri Apr 20 20:38:02 EDT 2007
James Landis wrote:
> I tested local HTTPRS caching on whatever browsers were available in
> July 2005 with no success. I can't imagine browsers are getting worse
> about it than better, but I certainly wouldn't discourage anyone from
> trying to make sure.
>
I'm sure I managed to do that in my lab, back in 2004, for IE6 SP1. And
Alex/kuza55 published his results from experimenting with the issue in
February 2007
(http://kuza55.blogspot.com/2007/02/http-response-splitting-attacks-without.html),
where he says he poisoned the cache of IE (I suppose IE6 SP2) and Opera8.
Perhaps I can try to help you to reproduce HTTP Response Splitting ->
browser cache poisoning?
-Amit
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list