Java: setCharacterEncoding NOT affected by HTTP Response Splitting

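<%
// Test value standing in for attacker-controlled input: a valid charset name
// followed by a percent-encoded CRLF (%0d%0a) and an extra header line.
String attacker_controlled_charset = "ISO-8859-1%0d%0aHacked-Response-Header: 1337";
// Pass the value to setCharacterEncoding, then inspect the response headers
// to see whether "Hacked-Response-Header" appears as a header of its own.
response.setCharacterEncoding(attacker_controlled_charset);
%>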
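A defensive check an application can apply before handing a request-derived value to `response.setCharacterEncoding()`, independent of how the container treats it. This is an added example, not code from the original post; the class name `CharsetGuard`, the allow-list and the UTF-8 fallback are assumptions.

```java
import java.nio.charset.Charset;
import java.util.Set;

public class CharsetGuard {
    // Hypothetical allow-list: the only encodings this application is willing to emit.
    private static final Set<String> ALLOWED = Set.of("UTF-8", "ISO-8859-1", "US-ASCII");
    private static final String FALLBACK = "UTF-8";

    /** Returns a canonical charset name that is safe to pass to setCharacterEncoding(). */
    static String safeCharset(String requested) {
        if (requested == null) {
            return FALLBACK;
        }
        try {
            // Charset.forName throws IllegalCharsetNameException for names containing
            // characters outside the legal set (which excludes '%', space, CR and LF)
            // and UnsupportedCharsetException for names the JVM does not know.
            String canonical = Charset.forName(requested.trim()).name();
            // Return the JVM's canonical name, never the caller's original string.
            return ALLOWED.contains(canonical) ? canonical : FALLBACK;
        } catch (IllegalArgumentException e) {
            // Both exceptions above extend IllegalArgumentException.
            return FALLBACK;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the value from the JSP above, the same value with a
        // literal CR/LF, an alias, a lower-case name, and a name not on the allow-list.
        String[] samples = {
            "ISO-8859-1%0d%0aHacked-Response-Header: 1337",
            "ISO-8859-1\r\nHacked-Response-Header: 1337",
            "latin1",
            "utf-8",
            "UTF-16"
        };
        for (String s : samples) {
            String shown = s.replace("\r", "\\r").replace("\n", "\\n");
            System.out.println(safeCharset(s) + " <- " + shown);
        }
    }
}
```

Because the method returns the canonical name from the JVM rather than the input string, nothing the client sent reaches the `Content-Type` header verbatim.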

