WebApp Sec
mailing list archives
Re: XSS or HTTP Response Splitting?
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Tue, 04 Jan 2005 23:11:48 +0200
On 2 Jan 2005 at 11:15, Joxean Koret wrote:
> My question is the following: What is the main difference
> between XSS and HTTP Response Splitting? May be that HTTP Response
> Splitting errors modifies the headers and XSS modifies document content?
Basically - Yes. To be more precise:
HTTP Response Splitting is aimed at splitting the HTTP response
message into two (as would be interpreted by the receiver - e.g. a
cache server or a browser). Therefore, the injection must take place
at the HTTP response headers. Typically the injection would include a
Content-Length header that modifies the size of the (first) message,
followed by data which is interpreted as the second message.
XSS, on the other hand, is aimed at changing the HTML page the
receiver would interpret, so the injection typically happens at the
response body (although it is of course possible to perform XSS when
the injection happens at the HTTP response headers, if the response
status is 2xx).
Of course, there's a significant difference in the impact of the two
attacks. With HTTP Response Splitting, you CAN do XSS (particularly
in the case wherein the response status is 3xx, in which case you
can't normally do XSS), but you can also do much more, e.g. web cache
poisoning and peeking at other people's data (response pages).
Happy new year,
-Amit
------- End of forwarded message -------
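
The distinction drawn in the message above, as an added example that is not part of the original post or written by its author: a redirect builder that copies a value into the Location header unchecked, the same builder rejecting CR/LF, and a simplified receiver that delimits messages by Content-Length. All function names and the sample input are constructed for illustration.

```python
CRLF = "\r\n"

def build_redirect_naive(target):
    # Vulnerable pattern: the value is copied into a response header unchanged.
    return ("HTTP/1.1 302 Found" + CRLF + "Location: " + target + CRLF
            + "Content-Length: 0" + CRLF + CRLF)

def build_redirect_safe(target):
    # Hardened pattern: a header value must never contain CR or LF.
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in header value")
    return build_redirect_naive(target)

def split_messages(stream):
    """Delimit messages as a simplified receiver would: header block,
    then Content-Length bytes of body. Assumption: first Content-Length wins."""
    messages = []
    while stream.startswith("HTTP/"):
        head, sep, rest = stream.partition(CRLF + CRLF)
        if not sep:
            break
        lines = head.split(CRLF)
        length = 0
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                length = int(value.strip())
                break
        messages.append((lines[0], rest[:length]))
        stream = rest[length:]
    return messages

# Constructed sample input: a header value carrying its own Content-Length
# and a second, complete response, as the message describes.
SECOND_BODY = "<html>second</html>"
CONSTRUCTED_VALUE = ("/home" + CRLF + "Content-Length: 0" + CRLF + CRLF
                     + "HTTP/1.1 200 OK" + CRLF + "Content-Type: text/html" + CRLF
                     + "Content-Length: " + str(len(SECOND_BODY)) + CRLF + CRLF
                     + SECOND_BODY)

if __name__ == "__main__":
    for status, body in split_messages(build_redirect_naive(CONSTRUCTED_VALUE)):
        print(repr(status), repr(body))   # receiver sees two messages
    try:
        build_redirect_safe(CONSTRUCTED_VALUE)
    except ValueError as exc:
        print("rejected:", exc)           # hardened builder refuses the value
```

Even though the first response is a 3xx with no rendered body, the receiver here treats the trailing data as a separate 200 response, which is the case the message singles out.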