James Landis wrote:
> I tested local HTTPRS caching on whatever browsers were available in
> July 2005 with no success. I can't imagine browsers are getting worse
> about it than better, but I certainly wouldn't discourage anyone from
> trying to make sure.
>
I'm sure I managed to do that in my lab, back in 2004, for IE6 SP1. And
Alex/kuza55 published his results from experimenting with the issue in
February 2007
(http://kuza55.blogspot.com/2007/02/http-response-splitting-attacks-without.html),
where he says he poisoned the cache of IE (I suppose IE6 SP2) and Opera8.
Perhaps I can try to help you to reproduce HTTP Response Splitting ->
browser cache poisoning?
-Amit
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------
Received on Apr 20 2007
Intro
