[Webappsec] [WEB SECURITY] IE 7 and Firefox Browsers Digest Authentication Request Splitting
Amit Klein
aksecurity at gmail.com
Wed Apr 25 17:38:50 EDT 2007
Stefano Di Paola wrote:
> Title IE 7 and Firefox Browsers Digest Authentication
> Request Splitting
>
>
Nice one!
> I) Short description
>
> Firefox and Internet Explorer are prone to HTTP Request Splitting when
> Digest Authentication occurs. If anyone wants to know about HTTP Request
> Splitting, HTTP Request Splitting attacks are described in various
> papers and advisories:
>
> 1. http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf
>
I think you mean
http://www.securityfocus.com/archive/1/411585
("Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a
lot more...")
It's there where I first used the term "HTTP Request Splitting". The
Smuggling paper doesn't really mention client-side aided attacks.
Regards,
-Amit