Re: Http splitting working example

From: Tim (tim-pentest@sentinelchicken.org)
Date: Fri Nov 30 2007 - 08:17:22 EST


> However, as I've found, mod_proxy initiates a new connection for the
> second GET. That breaks the whole idea to exploit http splitting. Is
> it some kind of new protection feature in Apache mod_cache?

It may be the typical behavior of the Apache module(s), but you should
try specifying the Connection and Keep-Alive headers. For instance you
might try requests like:

GET /... HTTP/1.1
Host: test.xxx
Keep-Alive: 300
Connection: keep-alive

Which may help convince it to pipeline the requests. There may be other
relevant headers to add as well. Then again it might not help at all.

good luck,
tim




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT