HTTP Request Smuggling
cyphersteve writes "Multiple vendors are vulnerable to a new class of attack named 'HTTP Request Smuggling' that revolves around piggybacking an HTTP request inside of another HTTP request, which could let a remote malicious user conduct cache poisoning, cross-site scripting, session hijacking, as well as bypassing web application firewall protection and other attacks. HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices are between the user and the web server. CERT has ranked this attack and the associated vulnerabilities found in multiple products as High Risk. The authors (Amit Klein, Steve Orrin, Ronen Heled, and Chaim Linhart) have published a whitepaper describing this technique in detail."
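The parsing discrepancy the summary describes, shown from the defender's side as an added example (not part of the original post or the whitepaper): a front-end check that rejects requests whose body framing two devices could read differently. It assumes the discrepancy comes from a repeated `Content-Length` header or from `Transfer-Encoding` sent alongside `Content-Length`; the function names and the sample requests are constructed for illustration.

```python
# Added example: flag HTTP request heads whose body framing is ambiguous.
# Function names and sample requests are constructed for illustration.

def parse_head(raw: bytes):
    """Split a raw request into (request_line, [(lowercased name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def framing_issues(raw: bytes):
    """Return the reasons a front end should reject this request outright."""
    _, headers = parse_head(raw)
    lengths = [v for n, v in headers if n == "content-length"]
    has_te = any(n == "transfer-encoding" for n, _ in headers)
    issues = []
    if len(set(lengths)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in lengths):
        issues.append("non-numeric Content-Length")
    if has_te and lengths:
        issues.append("both Transfer-Encoding and Content-Length present")
    return issues

def body_length(raw: bytes, policy: str):
    """Body length as seen by a device that honours the 'first' or 'last' header."""
    _, headers = parse_head(raw)
    lengths = [int(v) for n, v in headers if n == "content-length" and v.isdigit()]
    if not lengths:
        return 0
    return lengths[0] if policy == "first" else lengths[-1]

HEAD = b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
BODY = b"x" * 27  # placeholder body bytes

# Constructed sample: one request carrying two different Content-Length headers.
AMBIGUOUS = HEAD + b"Content-Length: 0\r\nContent-Length: 27\r\n\r\n" + BODY
# Constructed sample: the same request with unambiguous framing.
CLEAN = HEAD + b"Content-Length: 27\r\n\r\n" + BODY

if __name__ == "__main__":
    # A "first" device sees no body and reads the 27 bytes as the next request;
    # a "last" device reads them as this request's body.
    print(body_length(AMBIGUOUS, "first"), body_length(AMBIGUOUS, "last"))
    print(framing_issues(AMBIGUOUS), framing_issues(CLEAN))
```

Rejecting the request at the first device, rather than picking one interpretation and forwarding it, removes the disagreement for every device behind it.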
Now let's take packet A. Do an MD5 sum (or similar) on it. Send it to the end user. Have the end user's browser do a similar check on it and send it to the server. IF the server green flags it, then show the page.
This shouldn't become a speed problem on broadband machines because it'll only mean 2 or 3 times more packets (but you can always increase packet size).
Call the new standard something like HTTPS 2.0.
~Ilyanep
To get message, take amount of carrier pigeons at each stage mod 2. Then decode binary.
Tried to do a copy and paste, but the lameness filter won't let me. DRM in force! ;)
I am a viral sig. Please copy me and help me spread. Thank you.
I like to use 'piggybacking' as well, it makes me sound technical but cool at the same time.
It is unethical and immoral. Some HTTP requests even time-out and have died doing this! Also be aware that some vigilante border gateway protocols have sprung up in the south looking for smuggled HTTP requests. Also new federal legislation may require all web servers to validate the HTTP request's green packets before responding.
Yes, but if you use HTTP Request Snuggling you won't mind the extra packets.
Everybody likes snuggling.
Starsucks
Can they not just patent the technique and then sue the pants off any hackers?
AC:
Don't worry, we fired the guy who did this on the spot. Thanks for bringing it to our attention.
Signed,
Bill