[nycphp-talk] NEW PHundamentals: HTTP Response Splitting
Chris Shiflett
shiflett at php.net
Sun Sep 18 15:30:04 EDT 2005
Daniel Convissor wrote:
> In addition, the article is misnamed. The attack at hand
> isn't response splitting, which has to do with injecting
> items into header() calls.
Yeah, I thought I had missed a cool thread or something at first. :-)
For what it's worth, I think HTTP Response Splitting might make an
interesting phundamental. I guess there's not tons to say, but maybe
some people on this list have some creative ideas about what can be
done. I usually just demonstrate setting a cookie or something (and show
how this can be used for session fixation - e.g., set PHPSESSID).
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
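
Added example, not part of the original message: a hardened form of the `header()` pattern discussed above, plus the session handling that blunts a planted `PHPSESSID`. The function names and the idea of a request-supplied redirect target are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the original thread.

// A header value is safe only if it cannot end the current header line.
// header() itself has refused multi-line values since PHP 5.1.2; the explicit
// check documents intent and also protects code that writes raw responses.
function header_value_is_safe(string $value): bool
{
    return strpbrk($value, "\r\n\0") === false;
}

// Hardened replacement for: header('Location: ' . $_GET['next']);
function safe_redirect(string $target): void
{
    // Reject instead of stripping, and allow only a local absolute path.
    $local = preg_match('#^/(?!/)[A-Za-z0-9/_.-]*\z#', $target) === 1;
    if (!$local || !header_value_is_safe($target)) {
        $target = '/';
    }
    header('Location: ' . $target, true, 302);
    exit;
}

// Session fixation defence: never keep a pre-login session ID after login.
function start_session(): void
{
    ini_set('session.use_strict_mode', '1');   // ignore IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // no session ID in URLs
    session_start();
}

function on_login(int $userId): void
{
    session_regenerate_id(true);  // new ID, old session data removed
    $_SESSION['user_id'] = $userId;
}

// Constructed inputs: a normal path, and one carrying an injected cookie header.
if (PHP_SAPI === 'cli') {
    var_dump(header_value_is_safe('/account/settings'));
    var_dump(header_value_is_safe("/a\r\nSet-Cookie: PHPSESSID=constructed"));
}
```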