Multiple CRLF Injection Vulnerabilities in Google ADWords
Written by Marcelo Almeida (Vympel)   
Friday, 15 December 2006
Copyright © 2006 Debasis Mohanty
Multiple CRLF Injection / HTTP Response Splitting
Vulnerabilities In Google AdWords
14th Dec, 2006
Vendor Name: Google
Product Name: Google AdWords (https://adwords.google.com/)
I. Descriptions:
Google AdWords is vulnerable to a new form of application attack technique called HTTP Response
Splitting (aka CRLF Injection). HTTP Response Splitting enables an attacker to alter the HTTP
response header structure, which can lead to a range of attacks such as web cache poisoning,
temporary defacement, page hijacking or cross-site scripting (XSS).
This happens because user input is injected into the value section of an HTTP header without properly escaping or removing CRLF characters, which can lead to two HTTP responses instead of one response...


II. Affected Links:
GET /select/ProfessionalWelcome?hl=%0d%0afakeheader&null=Go HTTP/1.0
GET /select/Login?hl= hl=%0d%0afakeheader&null=Go HTTP/1.0
III. Proof-of-concept:
[Request Details]
Screenshot a: Custom HTTP response added to “hl” parameter
[Response Header]
IV. Solution:
Sanitize CR (0x0D, decimal 13) and LF (0x0A, decimal 10) from the user input or properly encode the output in order to prevent
the injection of custom.
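The fix described in this section, as an added example that is not part of the original advisory and is not Google's code: the "hl" value is allow-listed before it reaches a header value, shown beside the unescaped "before" form. The Content-Language header and all function names are assumptions made for illustration; the query string is the one from section II.

```python
import re
from urllib.parse import parse_qs

# Assumptions (not from the advisory): the "hl" value is echoed into a
# Content-Language header, and all function names here are hypothetical.
# CR is byte 0x0D (decimal 13); LF is byte 0x0A (decimal 10).
HL_ALLOWED = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*")
STATUS = "HTTP/1.0 200 OK\r\n"


def hl_from_query(query):
    """parse_qs percent-decodes, so %0d%0a arrives as a real CR LF."""
    return parse_qs(query, keep_blank_values=True).get("hl", [""])[0]


def build_headers_unsafe(hl):
    """Before the fix: the raw value is concatenated into the header block."""
    return STATUS + "Content-Language: " + hl + "\r\n\r\n"


def safe_hl(hl, default="en"):
    """Allow-list the language tag; any other value, including one that
    carries CR or LF, is replaced by the default."""
    if "\r" in hl or "\n" in hl:
        return default
    # fullmatch, not match() with "$": "$" also matches before a trailing "\n".
    return hl if HL_ALLOWED.fullmatch(hl) else default


def build_headers_safe(hl):
    """After the fix: only a validated tag reaches the header value."""
    return STATUS + "Content-Language: " + safe_hl(hl) + "\r\n\r\n"


def header_lines(raw):
    """Split the header block on CRLF, as a client or cache would."""
    return raw.split("\r\n\r\n", 1)[0].split("\r\n")


if __name__ == "__main__":
    hl = hl_from_query("hl=%0d%0afakeheader&null=Go")  # query from section II
    print(header_lines(build_headers_unsafe(hl)))  # extra "fakeheader" line
    print(header_lines(build_headers_safe(hl)))    # single, fixed header
```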
V. History:
11/20/2006 – Vendor Reported
11/20/2006 – Vendor replied back and asked for time to investigate
11/21/2006 – Vendor confirmed the report and asked for time to fix
11/21/2006 – Vendor replied saying, fix will be applied before 14th Dec
12/14/2006 – Public Disclosure
VI. Credits:
Debasis Mohanty
www.hackingspirits.com
For more vulnerabilities visit –
http://hackingspirits.com/vuln-rnd/vuln-rnd.html