Tuesday, March 13, 2018

Java: setCharacterEncoding NOT affected by HTTP Response Splitting

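<%
// Test value: a charset name followed by a URL-encoded CRLF (%0d%0a) and an extra header line.
String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
// Pass the value to the response; the injected header should not appear in the output.
response.setCharacterEncoding(attacker_controlled_charset);
%>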
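
A defence-in-depth check for the case above, as an added example that is not part of the original post: resolve a request-supplied charset name through `java.nio.charset.Charset` and an allowlist before it reaches `response.setCharacterEncoding`. The class `SafeCharset`, its `resolve` method, the allowlist contents and the sample inputs are assumptions made for illustration (Java 9+ for `Set.of`).

```java
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.nio.charset.UnsupportedCharsetException;
import java.util.Set;

// Hypothetical helper, not from the original post.
public class SafeCharset {
    // Assumption: the application only needs these response encodings.
    private static final Set<String> ALLOWED = Set.of("UTF-8", "ISO-8859-1");
    private static final String FALLBACK = "UTF-8";

    /** Returns a canonical, allowlisted charset name, or FALLBACK for anything else. */
    static String resolve(String requested) {
        if (requested == null) {
            return FALLBACK;
        }
        try {
            // Charset.forName throws IllegalCharsetNameException for names that
            // contain '%', CR, LF, spaces or other characters outside the legal set.
            String canonical = Charset.forName(requested.trim()).name();
            // Aliases such as "latin1" are normalised before the allowlist check.
            return ALLOWED.contains(canonical) ? canonical : FALLBACK;
        } catch (IllegalCharsetNameException | UnsupportedCharsetException e) {
            return FALLBACK;
        }
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "ISO-8859-1%0d%0aHacked-Response-Header: 1337", // value from the post
            "ISO-8859-1\r\nHacked-Response-Header: 1337",   // same value with a raw CRLF
            "latin1",                                        // alias of ISO-8859-1
            "UTF-16",                                        // valid but not allowlisted
        };
        for (String s : samples) {
            System.out.println(resolve(s));
        }
    }
}
```

In a JSP or servlet the call becomes `response.setCharacterEncoding(SafeCharset.resolve(value))`, so only a canonical charset name is ever passed on.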

