Java: setCharacterEncoding NOT affected by HTTP Response Splitting

<% 
String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
response.setCharacterEncoding(attacker_controlled_charset);
%>


Comments

Popular posts from this blog

Bypassing referrer check with no script involved

Jumping out of Touch Screen Kiosks