Home / os / winmobile

Python urllib HTTP Header Injection

Posted on 16 June 2016

Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme. If an attacker could convince a Python application using this library to fetch an arbitrary URL, or fetch a resource from a malicious web server, then these injections could allow for a great deal of access to certain internal services. URLs of the following form allow injection into the HTTP stream: http://127.0.0.1%0d%0aX-injected:%20header%0d%0ax-leftover:%20:12345/foo http://localhost%00%0d%0ax-bar:%20:12345/foo More details here: http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html Thank you, tim

 

TOP