Hi Achim,
Thanks for the explanation. What will be the next step for creating this
check? Obviously I am very new to this, but am eager to learn and help out!
-Daniel
On Wed, May 22, 2013 at 11:45 AM, Achim Hoffmann wrote:
> Am 22.05.2013 16:42, schrieb Vint Surf:
> > Will the open relay qual
Am 22.05.2013 16:42, schrieb Vint Surf:
> Will the open relay qualification be applicable for the HTTP Host Header
> exploit or another?
there is an open relay if the server accepts a FQDN in the GET or POST method
(URL line), this has nothing to do with the Host: header at first glance.
This was
Hi Achim,
Thanks for clarifying the SERVER_NAME. I now understand that this is set
on the webserver itself.
How best to proceed to develop the 4 tests below and any others that may be
needed?
Will the open relay qualification be applicable for the HTTP Host Header
exploit or another?
Thanks!
Hi Vint,
see my comments/answers inline.
Achim
Am 16.05.2013 18:12, schrieb Vint Surf:
> Responses in-line. Thanks!
>
>> I'm thinking in order to determine if HTTP host header can be exploited,
> we
>> would need to:
>> A) determine if SERVER_NAME, HTTP_HOST, or both have values
>> B) verify
Responses in-line. Thanks!
> I'm thinking in order to determine if HTTP host header can be exploited,
we
> would need to:
> A) determine if SERVER_NAME, HTTP_HOST, or both have values
> B) verify the URI to see if the SERVER_NAME and HTTP_HOST match?
> C) Determine if there are wildcard entries f
Sorry for the delayI will be reviewing the materials today and will be
in touch shortly regarding potential solutions in "human terms" for the
http host header attacks.
On Sat, May 11, 2013 at 11:35 AM, Andres Riancho
wrote:
> On Sat, May 11, 2013 at 4:59 AM, Achim Hoffmann
> wrote:
> > Hi
On Sat, May 11, 2013 at 4:59 AM, Achim Hoffmann wrote:
> Hi Andrés,
>
> Am 10.05.2013 23:34, schrieb Andres Riancho:
>> for mutant in mutants:
>> mutant.set_mod_value(value1)
>> response1 = send_mutant(mutant)
>>
>> mutant.set_mod_value(value2)
>> response3 = send_mutant(mutant)
>>
Achim,
On Fri, May 10, 2013 at 12:58 PM, Achim Hoffmann wrote:
> Hi Andrés
>
> I've already compiled a short list of variants of the host header attack.
> Some of them are simple to build, some of them are more tricky. Same is
> for the checks to be implemented to identify the vulnerability.
>
>
Hi Andrés
I've already compiled a short list of variants of the host header attack.
Some of them are simple to build, some of them are more tricky. Same is
for the checks to be implemented to identify the vulnerability.
The most tricky part will be that you often need 2 or 3 requests and then
com
Great :) So lets start right away. Please read the article, and try to
identify the different vulnerabilities which are present there. Once
you've got that, think about which ones could be automated with w3af
and send an email to this thread.
At this point w3af's features and code doesn't matter,
Well I'd love to take this on with some help from you, Andres!
Many thanks
-Daniel
—
Sent from Mailbox for iPhone
On Fri, May 10, 2013 at 9:11 AM, Andres Riancho
wrote:
> Lists,
> After reading "Practical HTTP Host header attacks" [0] I thought
> it would be fun to have a plugin that coul
11 matches
Mail list logo
