HTTP Header Injection Discovery method (with case)

Source: Internet
Author: User
Tags get ip

0x0: Overview

Author: Dark Month
Blog: www.moonsec.com

Traditional web vulnerability scanners basically test for injection through GET/POST parameters, so they are powerless to detect this type of injection.

0x01: Discovery

0x01.1: Common HTTP headers that may be tainted

    • User-Agent: browser version (less)
    • Referer: source page (less)
    • X-Forwarded-For: used to get the IP (High)
    • CLIENT_IP: used to get the IP (High)

0x01.2: Discovery Tools

The author uses the Firefox browser for the demonstration. First install the Modify Headers browser add-on. After installation, restart Firefox, open the Web Development menu, select the tool, and apply the following settings:

If you need to test User-Agent or Referer, set them the same way. Select Start and confirm; the browser will then send these headers every time you visit the site.

0x01.3: Vulnerability Discovery

These vulnerabilities usually appear at login and in places that record browser information. In the author's past code audits and fuzz testing, they were found particularly in places where the IP address is recorded.

0x01.4: Vulnerable Code

    function getip()
    {
        // Every branch except the last copies a client-supplied request
        // header into $ip without any validation.
        if (getenv('HTTP_CLIENT_IP')) {
            $ip = getenv('HTTP_CLIENT_IP');
        } elseif (getenv('HTTP_X_FORWARDED_FOR')) {
            // Get the client's real IP address when access goes through a proxy server
            $ip = getenv('HTTP_X_FORWARDED_FOR');
        } elseif (getenv('HTTP_X_FORWARDED')) {
            $ip = getenv('HTTP_X_FORWARDED');
        } elseif (getenv('HTTP_FORWARDED_FOR')) {
            $ip = getenv('HTTP_FORWARDED_FOR');
        } elseif (getenv('HTTP_FORWARDED')) {
            $ip = getenv('HTTP_FORWARDED');
        } else {
            // Only this value comes from the connection itself
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }
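A hardened counterpart to the getip() function above, as an added example that is not part of the original article: it takes the address from REMOTE_ADDR, accepts X-Forwarded-For only when the connection comes from a listed reverse proxy, validates every value with filter_var(), and stores the result through a bound parameter. The names get_client_ip, record_login and TRUSTED_PROXIES, the login_log table and the sample addresses are assumptions, and the demo assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the original article. TRUSTED_PROXIES, the table
// name and all addresses are constructed; list your own reverse proxies.
const TRUSTED_PROXIES = ['10.0.0.5'];

function get_client_ip(array $server): string
{
    // REMOTE_ADDR comes from the TCP connection, not from a request header.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }
    // Headers are only considered when a known proxy delivered the request.
    if (!in_array($remote, TRUSTED_PROXIES, true)) {
        return $remote;
    }
    // Read X-Forwarded-For right to left: skip our own proxies and return
    // the first other hop, but only if it is a syntactically valid IP.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop and fall back to REMOTE_ADDR
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $remote;
}

function record_login(PDO $db, string $user, string $ip): void
{
    // Bound parameters keep the value out of the SQL text even if a check is missed.
    $stmt = $db->prepare('INSERT INTO login_log (username, ip) VALUES (?, ?)');
    $stmt->execute([$user, $ip]);
}

$db = new PDO('sqlite::memory:'); // in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_log (username TEXT, ip TEXT)');
$requests = [ // constructed $_SERVER samples, two with a tainted header value
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_CLIENT_IP' => "127.0.0.1'"],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 10.0.0.5'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => "127.0.0.1'"],
];
foreach ($requests as $server) {
    $ip = get_client_ip($server);
    record_login($db, 'demo', $ip);
    echo $ip, PHP_EOL;
}
```

In an application, pass `$_SERVER` to `get_client_ip()` in place of the sample arrays.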

0x01.5: Vulnerability Demo

HTTP_CLIENT_IP is read first; if CLIENT_IP cannot be obtained, X-Forwarded-For is used. In the figure, HTTP_FORWARDED_FOR:

0x02 Case Reference:

    1. Penetration of the DZ official website
    2. BLUECMS Injection Vulnerability
