What is header injection

Discussion in 'PHP' started by slaydragon, Jul 28, 2008.

  1. #1
    What is header injection and how does it pose a security issue in PHP? It seems that there aren't many online tutorials on header injection...
     
    slaydragon, Jul 28, 2008 IP
  2. lfhost

    #2
    lfhost, Jul 28, 2008 IP
  3. LogicFlux

    #3
    Off the top of my head, I think what you're talking about is when the user is allowed (or the user finds a way) to inject information into the HTTP headers. For example, a link like: http://myinsecuresite.com/redirect.php?destination=http://yahoo.com .

    If you do this in your code: header("Location: $_GET[destination]");

    then you are allowing injection. There are probably other more potentially destructive examples.

    I'm not an expert on the subject, but there is an old programming rule: never trust user input. If you abide by that rule you can probably avoid a lot of different injection attacks.
     
    LogicFlux, Jul 28, 2008 IP
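
A hardened form of the redirect.php pattern from post #3, added here as an example that is not part of the original thread: it validates the destination parameter before it reaches header(). The function name, the allowlisted hosts and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example; the allowlisted hosts are hypothetical.
const ALLOWED_REDIRECT_HOSTS = ['myinsecuresite.com', 'www.myinsecuresite.com'];

// Return a value that is safe to place in a Location header,
// or $fallback when the input fails any check.
function safe_redirect_target($raw, string $fallback = '/'): string
{
    // Non-strings (e.g. ?destination[]=x) and empty values are never used.
    if (!is_string($raw) || $raw === '') {
        return $fallback;
    }
    // Reject CR, LF, NUL and other control bytes: these are what let a value
    // end the Location header and start a new header line.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return $fallback;
    }
    // Same-site path: must start with a single "/" (not "//" or "/\",
    // which browsers treat as a scheme-relative URL to another host).
    if ($raw[0] === '/') {
        return preg_match('#^/(?![/\\\\])#', $raw) ? $raw : $fallback;
    }
    // Absolute URL: http(s) only, no userinfo, host must be on the allowlist.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])
        || !in_array(strtolower($parts['host']), ALLOWED_REDIRECT_HOSTS, true)) {
        return $fallback;
    }
    return $raw;
}

// Constructed sample inputs; run from the CLI to see each decision.
if (PHP_SAPI === 'cli') {
    $samples = [
        '/account/settings',
        'http://myinsecuresite.com/home',
        'http://yahoo.com',
        "/home\r\nX-Injected: 1",
        '//yahoo.com/',
    ];
    foreach ($samples as $s) {
        printf("%-40s => %s\n", json_encode($s), safe_redirect_target($s));
    }
}
// In redirect.php: header('Location: ' . safe_redirect_target($_GET['destination'] ?? null));
```

Since PHP 5.1.2, header() itself refuses a value containing a newline, so on current PHP the control-character check is defence in depth and the host allowlist is what stops redirects to arbitrary sites.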
  4. Yousif

    #4
    This sort of attack allows for crafting HTTP requests into web applications and can manipulate how they are processed and used to interact with users and the server. Additionally, disable all of the HTTP methods you do not need, and finally if the HTTP methods "PUT", "OPTIONS", and "DELETE" are open, this will increase the risk of being vulnerable to HTTP Header injection. If possible, always use the "POST" variable. It eliminates most of the attacks available under the "GET" variable.
     
    Yousif, Jul 28, 2008 IP