Vulnerabilities tagged "web"

PHP servers drop any header if the header has "\r" [@OctagonNetworks]

The title gives this one away, the `header(...)` function in PHP will issue a warning (and keep executing) without adding the header to the response if the header contains a Carriage Return (\r), New-Line (\n) or Null-byte (\x00).That functionality may not be new to you as its purpose is to kill response splitting attacks, but @OctagonNetworks presents a fresh twist on this, probably not the first to have the thought but it was a neat idea to me...
 
1
2
3
4
5
6
7