grails-nV icon indicating copy to clipboard operation
grails-nV copied to clipboard
verified publisher icon NetSPI

Spanish Button HTTP Response Splitting

Open forced-request opened this issue 11 years ago • 0 comments

I think we should leverage the spanish button to provide some sort of header injection. This could work by having the server respond with Content-Language: es, where es is passed as a GET parameter.

A malicious user can inject a CRLF, essentially creating a new line in the HTTP header.

forced-request avatar Jun 20 '14 14:06 forced-request