Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Practical HTTP Host header attacks

An anonymous reader writes: Trusting HTTP_HOST and its cousin SERVER_NAME has long been regarded as risky behavior. Nonetheless, plenty of popular web frameworks and applications still implicitly treat these user-supplied variables as entirely dependable. Practical HTTP Host header attacks introduces and illustrates two techniques that exploit such mistakes in Django, Joomla, Gallery and Varnish to poison caches and password reset emails alike. If only there was a canonical solution...
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Practical HTTP Host header attacks

Comments Filter:

"Kill the Wabbit, Kill the Wabbit, Kill the Wabbit!" -- Looney Tunes, "What's Opera Doc?" (1957, Chuck Jones)

Working...