[nycphp-talk] PHP safe from HTTP Response Splitting?
Tim Gales
tgales at tgaconnect.com
Wed Jul 21 15:08:22 EDT 2004
Chris Snyder writes:
> Was reading a coding magazine today and came across the "HTTP
> Response Splitting" attack, where a malicious user might try
> to pass newline characters and HTTP headers into a Location:
> redirect by using a $_GET var with urlencoded linebreaks.
http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf
Page 28 of the paper recommends:
"Validate input. Remove CRs and LFs (and all other hazardous
characters) before embedding data into any HTTP response headers,
particularly when setting cookies and redirecting."
http://shiflett.org/articles/foiling-cross-site-attacks/
gives some good background on Cross-Site Scripting
vulnerabilities and offers some ideas on how one
might defend against them.
(hint: filter all foreign data)
T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com
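
The whitepaper's advice quoted above, applied to a Location: redirect built from a $_GET value. This is an added example, not code from the original post or the whitepaper; the function names and sample inputs are hypothetical, and it assumes PHP 7.1 or later. It rejects tainted values instead of stripping them and, going one step beyond the quoted text, only allows site-relative targets.

```php
<?php
// Added example: helper names are hypothetical, sample inputs are constructed.

/**
 * Return $value if it may be embedded in a response header, otherwise null.
 * Rejecting (not silently stripping) keeps a tampered request visible to the caller.
 */
function header_safe_value(string $value): ?string
{
    // PHP has already URL-decoded $_GET once, so %0d%0a arrives here as raw CR LF.
    // Refuse CR, LF, NUL and every other ASCII control character.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

/**
 * Build the Location header line for a redirect, falling back to $default
 * when the requested target is unsafe or not a site-relative path.
 */
function build_redirect_header(string $target, string $default = '/'): string
{
    $clean = header_safe_value($target);
    // Accept only paths that start with a single "/" (not "//" or "/\",
    // which browsers may treat as a different host).
    if ($clean === null || !preg_match('#^/(?![/\\\\])#', $clean)) {
        $clean = $default;
    }
    return 'Location: ' . $clean;
}

// Constructed inputs standing in for $_GET['next'].
$samples = [
    '/members/home.php',                 // normal local redirect, kept
    "/home.php\r\nX-Injected: 1",        // CR LF followed by a header line, replaced by "/"
    '//example.invalid/landing',         // protocol-relative URL, replaced by "/"
];

foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', build_redirect_header($sample), PHP_EOL;
}

// In a real page the result would be passed to header():
// header(build_redirect_header($_GET['next'] ?? '/'));
```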