Day 11
What type of webserver attack adds more data to the response header sent to client browser?
- DNS Poisoning
- Cross Site Scripting
- Path Traversal
- SOAP attack
- HTTP response splitting
Solved
Question of the day 13/09, Cybersecurity Edition
+13
+15HTTP response splitting
Maurice Kevenaar |Veeam Vanguard 2020-2024 | Veeam Legend 2023-2024 | Twitter: @mkevenaar | Mastodon: @mkevenaar@masto.nu - https://masto.nu/@mkevenaar | Blog: https://kevenaar.name | Join the Veeam Community Hackathon: https://veeamhackathon.com/sign-up
+12I believe „Cross Site Scripting“.
The other names doesn‘t make sense to me :)
Product Management Analyst @ Veeam Software
+17HTTP response splitting
With this more data is added to a HTTP response header
Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
+7HTTP Response Splitting
Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader
+21HTTP Response Splitting
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+13HTTP response splitting is the good one!
By inserting, in the right place in the header of the HTTP response, some carriage return (\r) and a linefeed (\n), client will process the packet in a different way as it conceived.
Here’s an example:
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.