标头注入如何工作?
[英]How does header injection work?
问题描述
I have read the section on header injections as described here: http://guides.rubyonrails.org/security.html . 
我已经阅读了有关标题注入的部分,如下所述: http : //guides.rubyonrails.org/security.html 。 But I can't seem to walk through a step by step example of this in my head. 但是我似乎无法在脑海中一步一步地了解这个例子。 Could someone walk me through an example of how exploiting the referer header could cause issues in an application? 有人可以帮我举一个例子,说明如何利用Referer标头可能导致应用程序出现问题?
1 个解决方案
解决方案1
3 已采纳 2009-07-14 03:09:00
It is very simple: A malicious user can insert due to a vulnerability in earlier versions of Ruby and RoR a secuence of URL encoded characters “%0d%0a” that are the equivalent for “ \\r\\n ” which is a carriage-return and line-feed. 这很简单:由于Ruby和RoR早期版本中的漏洞,恶意用户可以插入URL编码字符“%0d%0a”的安全性 ,等同于“ \\ r \\ n ”,即回车和换行。
In this way a new lines in the header can be injected with new information as cookies, redirections, referers and any other information that can be used to help the attacker to commit his purpose. 这样,可以在头中的新行中注入新信息,例如cookie,重定向,引用和任何其他可用于帮助攻击者实现其目的的信息。
As example maybe the one in the link you sent is not exactly the best, but think about a cookie validation to access a private site. 作为示例,也许您发送的链接中的链接并不是最好的,但是请考虑对cookie进行验证以访问私有站点。 Some sites use to locate a cookie to a value like "true" or "1" once the user pass trough the validation process. 一旦用户通过验证过程,某些站点就会将cookie定位为“ true”或“ 1”之类的值。 If you insert into the header the cookie value without passing the validation process you should access the private pages without the need of login into the application. 如果在不通过验证过程的情况下将Cookie值插入标头中,则应访问私有页面,而无需登录到应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.