Hi Blockchain,
This is Shaifullah Shaon (Black_EyE), an ethical hacker,
a white hat cyber security researcher from Bangladesh, reporting a serious
[3rd ranking in OWASP] security vulnerability on your system.
I came across a technical security bug called HTTP Header Injection/HTTP Response Splitting.
At that time I saw your "Data Privacy Statement" and understood that your data is very confidential and
important for your organization. That's why I am reporting this web security vulnerability,
to protect your information from malicious users/attackers/hackers. Please patch these
security issues as early as possible.
Reference:
1. https://en.wikipedia.org/wiki/HTTP_he...
2. https://www.owasp.org/index.php/HTTP_...
Vuln Description:
HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol
(HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting,
session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header.
HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response
smuggling/splitting.
Here, using Burp Suite, I can redirect permanently from blockchain.info to zugtech.com.
Follow along,
I will show you step by step:
1. Hit blockchain.info
2. Change the hostname using Burp Suite.
As you see, it now permanently redirects from blockchain.info to zugtech.com.
3. Now I hit blockchain.info again.
Please see my video PoC to understand clearly. Hopefully this is a very critical issue.
Resolve this issue as soon as possible.
Here is the video proof of concept: • HTTP Header Injection/ HTTP Response ...
Thank you
Shaifullah Shaon (Black_EyE)
[email protected]
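An added example, not part of the original report or of the affected site's code: one way a server can keep a client-supplied Host header from choosing a redirect target, and keep CR/LF out of any header value it emits. The host names in `ALLOWED_HOSTS` and the function names are assumptions made for illustration.

```python
import re

# Assumption: host names this deployment serves (constructed example values).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_HOST = "www.example.com"

# Characters that end a header line or could start a second response.
_CTL = re.compile(r"[\r\n\x00]")


def safe_header_value(value: str) -> str:
    """Reject values that could inject a new header line or split the response."""
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value


def normalize_host(host_header: str) -> str:
    """Lower-case the Host header, drop an optional port and a trailing dot."""
    host = safe_header_value(host_header).strip().lower()
    if re.fullmatch(r".+:\d+", host):
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def redirect_location(host_header: str, path: str) -> str:
    """Build the Location value for a permanent redirect to HTTPS.

    The request's Host is used only when it is allow-listed; anything else
    falls back to the canonical name, so the client cannot pick the target.
    """
    try:
        host = normalize_host(host_header)
    except ValueError:
        host = CANONICAL_HOST
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    # Only same-site absolute paths; "//other" would be a scheme-relative URL.
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    return safe_header_value(f"https://{host}{path}")
```

A response that builds `Location` this way returns the canonical host for any unknown Host header, and a path containing CR/LF raises instead of being written to the wire.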
Watch the video HTTP Header Injection/ HTTP Response Splitting online without registration, duration hours minutes seconds, in good quality. This video was added by the user SQLi Basic on 02 May 2017; don't forget to share the link with friends and acquaintances. On our site it has been viewed 9,279 times and 13 people liked it.