HTTP Response Splitting by Diabolic Crab on 19/04/05

This is a fairly new web application vulnerability. It can be used for the following purposes.

Cross-site scripting (XSS): This is a very common and old form of vulnerability that allows HTML or JavaScript code to be executed, which can then lead to the hijacking of the user's cookie or session. They even allow JavaScript code execution and may be used to exploit other vulnerabilities in browsers with more anonymity.

Cross-user defacement: This is a form of temporary defacement in which the website may look defaced to a particular user. It is used in cases of information, ID, or password theft. It enables an attacker to make the website look defaced to a single user, thus allowing the attacker to steal session data and cookies. It also allows the attacker to steal login information by forging a fake login screen for the website, thus allowing account compromise.

Web cache poisoning: In this form a rather larger defacement takes place, in which a cache used by multiple users is poisoned, making them think the site has been defaced, or that the site they are seeing is the genuine site when it is not. In this case the attacker uses a proxy server etc. and calls the vulnerable page through it to fool the cache into caching the second server response, over which the attacker has complete control, thus making the website appear defaced to anyone who uses or shares that cache server or proxy server. Uses for such an attack vary widely. One is defacement, as it causes everyone who uses that cache or proxy to see the website as defaced. The second is phishing: by showing a false page loaded by the attacker, many users can be led to give up private credit card numbers, user names, passwords and other confidential information.

Hijacking pages: This allows a user access to sensitive information that might be confidential or not normally accessible to that user. With this, the attacker can receive the server's response to the client, allowing sensitive data sent from the server to the client to be stolen by the attacker.

Browser cache poisoning: This is similar to XSS, the only difference being that the attacker forces the browser to cache the web page, thus forming a long-lasting defacement until the browser's cache has been cleared or cleaned.
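The "second server response" in the cache-poisoning case exists only because request data reaches a response header with CR/LF characters intact, so a cache reads one response as two. The following is an added example, not code from the original paper: it places an unsafe header construction beside a hardened one and uses a simplified parser to count the responses a shared cache would see. The function names and sample inputs are constructed for illustration.

```python
import re

# CR, LF and NUL end or corrupt a header line; none is valid inside a value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")

def build_redirect_unsafe(target: str) -> bytes:
    """'Before' form: request data is copied into Location verbatim."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def build_redirect_safe(target: str) -> bytes:
    """Hardened form: reject the value before it reaches the header."""
    if _FORBIDDEN.search(target):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(target)

def count_responses(stream: bytes) -> int:
    """Simplified model of a cache reading responses off one connection."""
    count = 0
    while stream.startswith(b"HTTP/"):
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep:
            break
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
                break  # first Content-Length wins in this model
        count += 1
        stream = rest[length:]
    return count

# Constructed test values: a normal path, and one carrying CR/LF sequences.
BENIGN = "/home"
SPLIT = ("/home\r\nContent-Length: 0\r\n\r\n"
         "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    print(count_responses(build_redirect_unsafe(BENIGN)))  # one response
    print(count_responses(build_redirect_unsafe(SPLIT)))   # parsed as two
    try:
        build_redirect_safe(SPLIT)
    except ValueError as exc:
        print("rejected:", exc)
```

The same check belongs wherever request data is written into a response header, such as Location, Set-Cookie, or any custom header.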

This document is in PDF format.


All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.