<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: XSS or HTTP Response Splitting?

XSS or HTTP Response Splitting?

From: Joxean Koret <joxeankoret_at_yahoo.es>
Date: 2 Jan 2005 11:15:40 -0000

('binary' encoding is not supported, stored as-is) Hi!

I have been discovered recently various security
issues with the ViewCVS python CGI
(http://www.securityfocus.com/archive/1/385885 )
but I'm not sure if the errors are Cross Site
Scripting Vulnerabilities and/or HTTP Response
Splitting.

My question is the following: What is the main
difference
between XSS and HTTP Response
Splitting? May be that HTTP Response
Splitting errors modifies the headers and XSS
modifies document content?

Thanks in advance to all... And Happy New Year!
Received on Jan 02 2005

This message: [ Message body ]
Next message: Ofer Shezaf: "RE: The Santy worm and Application Security"
Previous message: Paul Laudanski: "RE: The Santy worm and Application Security"
Next in thread: Amit Klein (AKsecurity): "Re: XSS or HTTP Response Splitting?"
Maybe reply: Amit Klein (AKsecurity): "Re: XSS or HTTP Response Splitting?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]