Skip to content

Commit

Permalink
[http_splitting] also checks CR injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@buglloc
buglloc committed Oct 10, 2017
1 parent b14934d commit acba288
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/en/plugins/httpsplitting.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

HTTP Splitting - attack that use improper input validation. It usually targets web application located behind Nginx (HTTP Request Splitting) or its users (HTTP Response Splitting).

Vulnerability is created when an attacker can insert newline character `\n` into request or into response, created by Nginx.
Vulnerability is created when an attacker can insert newline character `\n` or `\r` into request or into response, created by Nginx.

## How can I find it?
You should always pay attention to:
Expand Down
2 changes: 1 addition & 1 deletion docs/ru/plugins/httpsplitting.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
HTTP Splitting - уязвимость, возникающая из-за неправильной обработки входных данных.
Зачастую может быть для атак на приложение стоящее за Nginx (HTTP Request Splitting) или на клиентов приложения (HTTP Response Splitting).

Уязвимость возникает в случае, когда атакующий может внедрить символ перевода строки `\n` в запрос или ответ формируемый Nginx.
Уязвимость возникает в случае, когда атакующий может внедрить символ перевода строки `\n` или `\r` в запрос или ответ формируемый Nginx.

## Как самостоятельно обнаружить?
При анализе конфигурации всега стоит обращать внимание на:
Expand Down
2 changes: 1 addition & 1 deletion gixy/plugins/http_splitting.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ def audit(self, directive):
return

for var in compile_script(value):
if not var.can_contain('\n'):
if not var.can_contain('\n') and not var.can_contain('\r'):
continue
reason = 'At least variable "${var}" can contain "\\n"'.format(var=var.name)
self.add_issue(directive=[directive] + var.providers, reason=reason)
Expand Down

0 comments on commit acba288

Please sign in to comment.