xss help

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India

Post by n00b Saibot »

shiflett wrote:The attack really is called HTTP Response Splitting, although some other names floating around are HTTP Header Injection, HTTP Request Smuggling, and CRLF Injection (ordered from most to least popular alternatives). Sometimes, renames happen when a company wants to be credited with the discovery (e.g., hoping the new name catches on more than the original). Sometimes, it's because the original name is somewhat misleading. Regardless, these efforts really just confuse the whole discipline of web application security. I try to use the original names whenever possible.
But, the PDF which is referred to in webappsec.org, whitedust.org and nearly everywhere and which I take to be the first piece of work on this issue calls it HTTP Request Smuggling... :?
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

If I even tried to understand half of what you guys are talking about, I'd drive myself insane. I understand that I will never be truly 100% secure, but reading about something and knowing it exists as a potential threat, and not doing anything about it, bugs the crap out of me!

Now, thanks to this topic, I'm going to be spending my next hour googling. :)
Set Search Time - A Google Chrome extension. When you search, only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India

Post by n00b Saibot »

scrotaye wrote:If I even tried to understand half of what you guys are talking about, I'd drive myself insane. I understand that I will never be truly 100% secure, but reading about something and knowing it exists as a potential threat, and not doing anything about it, bugs the crap out of me!

Now, thanks to this topic, I'm going to be spending my next hour googling. :)
good for you :)
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

It's not too hard to follow really - just stay current with the security issues. I suppose you could stalk Chris if you really want to stay up to date. That might be a bit weird though, so his blog is probably a safer bet...;) He also has a mountain (well, a sizeable hill) of free articles posted over on http://shiflett.org/articles . They're excellent first references since they're not overdone.
Glad you liked it. :-)
It's great to see articles a 5 year old could understand - the simplicity stands you in good stead. ;)
shiflett
Forum Contributor
Posts: 124
Joined: Sun Feb 06, 2005 11:22 am

Post by shiflett »

n00b Saibot wrote:But, the PDF which is referred to in webappsec.org, whitedust.org and nearly everywhere and which I take to be the first piece of work on this issue calls it HTTP Request Smuggling.
I can't get to the original PDF anymore, because my requests for sanctuminc.com are redirected to watchfire.com. Are you sure about that? As for why you might see a different name elsewhere, I mentioned a few reasons for this:
shiflett wrote:Sometimes, renames happen when a company wants to be credited with the discovery (e.g., hoping the new name catches on more than the original). Sometimes, it's because the original name is somewhat misleading.
I've never heard of whitedust.org (I can't connect to that domain either), so I can't presume to guess their intentions. I should also add a third possibility - sometimes people independently discover an exploit and don't realize that it has already been discovered.
Maugrim_The_Reaper wrote:It's great to see articles a 5 year old could understand - the simplicity stands you in good stead.
Glad to hear it. :-)

One of the reviews for my book made me question whether it would be better to elaborate more, since the review is overall complimentary but describes the book as being a little too advanced for beginners. I usually feel successful when people are completely unimpressed and come away thinking the thing I've described is easy.

Shameless plug:

http://www.amazon.com/exec/obidos/ASIN/ ... hiflett-20

The review I'm referring to is by John A. Suda.
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India

Post by n00b Saibot »

shiflett wrote:I can't get to the original PDF anymore, because my requests for sanctuminc.com are redirected to watchfire.com. Are you sure about that?
I have saved the original PDF :) and yeah! I am sure about that! I read that a long time ago...
shiflett wrote:I've never heard of whitedust.org (I can't connect to that domain either), so I can't presume to guess their intentions.
I have posted the link to its article on this topic in my previous post [page 2] and sorry that's whitedust.net.
shiflett wrote:I should also add a third possibility - sometimes people independently discover an exploit and don't realize that it has already been discovered.
Hmmm... there could be a possibility...