Other Client-Side Injection Attacks
Many of the attacks we have examined so far involve leveraging some application function to inject crafted content into application responses. The prime example of this is XSS attacks. We have also seen the technique used to capture data cross-domain via injected HTML and CSS. This section examines a range of other attacks involving injection into client-side contexts.
HTTP Header Injection
HTTP header injection vulnerabilities arise when user-controllable data is inserted in an unsafe manner into an HTTP header returned by the application. If an attacker can inject newline characters into the header he controls, he can insert additional HTTP headers into the response and can write arbitrary content into the body of the response.
This vulnerability arises most commonly in relation to the Location
and Set-Cookie
headers, but it may conceivably occur for any HTTP header. You saw previously how an application may take user-supplied input and insert it...