Response splitting can be described as a flaw that an attacker could exploit to inject data in the HTTP response header. By injecting data in the header the attacker can trick the browser of the user to perform malicious activities. This attack does not directly attack the server but is used to exploit the client.
An example would be a web application taking an input from the user via the GET
method and then redirecting the user to a new web page depending on the value that the user sent. A typical scenario would be the user selecting a region and application redirecting the user to a web page tailored for that region.
The following PHP code would set the Location
field in the response to the users when they are redirected to the new page:
<?php Header("Location: http://fakewebsite.com/regions.php?region=".$_GET['region'] ); /* This code will set the location field in the header . */ Exit; ?>
If the user selects the region
as India
, the Location
field in the...