Java: setCharacterEncoding NOT affected by HTTP Response Splitting

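<%
// Test value: a charset name followed by a URL-encoded CRLF (%0d%0a) and an extra header line.
String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
// Pass the value to the response unchanged to see whether the extra header is emitted.
response.setCharacterEncoding(attacker_controlled_charset);
%>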
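One way to keep a request-supplied charset name from reaching setCharacterEncoding at all is to resolve it against an allowlist first. This is an added example, not code from the original post; the class name SafeCharset, the method resolve, and the choice of allowed charsets are assumptions.

```java
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;
import java.util.Set;

// Hypothetical helper (not from the original post): maps an untrusted charset
// name to one of a few allowed charsets before it reaches
// response.setCharacterEncoding().
public final class SafeCharset {

    // Assumption: the application only needs these response encodings.
    private static final Set<Charset> ALLOWED = Set.of(
            StandardCharsets.UTF_8,
            StandardCharsets.ISO_8859_1,
            StandardCharsets.US_ASCII);

    // Returns the canonical name of an allowed charset, or UTF-8 when the
    // input is null, malformed, unknown to the JVM, or not on the allowlist.
    public static String resolve(String untrusted) {
        if (untrusted == null) {
            return StandardCharsets.UTF_8.name();
        }
        try {
            // Charset.forName only accepts names made of letters, digits and
            // - + . : _ so CR, LF, '%' and spaces inside the name raise
            // IllegalCharsetNameException here.
            Charset cs = Charset.forName(untrusted.trim());
            return ALLOWED.contains(cs) ? cs.name() : StandardCharsets.UTF_8.name();
        } catch (IllegalCharsetNameException | UnsupportedCharsetException e) {
            return StandardCharsets.UTF_8.name();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the value from the post, a raw CRLF variant,
        // an alias of an allowed charset, and a valid but disallowed charset.
        String[] samples = {
            "ISO-8859-1%0d%0aHacked-Response-Header: 1337",
            "ISO-8859-1\r\nHacked-Response-Header: 1337",
            "latin1",
            "UTF-16"
        };
        for (String s : samples) {
            System.out.println(resolve(s));
        }
    }
}
```

In the JSP above, the call would then read response.setCharacterEncoding(SafeCharset.resolve(attacker_controlled_charset)).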

