Questions tagged [header-injection]
14 questions
8 votes, 3 answers
Adding custom headers to all boto3 requests
I need to add some custom headers to every boto3 request that is sent out. Is there a way to manage the connection itself to add these headers?
For boto2, connection.AWSAuthConnection has a method build_base_http_request which has been helpful. I've…

mmonks
3 votes, 2 answers
Security: $_SERVER array sql injection in PHP
I have written a PHP function that records everything in the $_SERVER array and if there is a certain $_SERVER variable that doesn't exist in my Database, it will add that column.
My question is this: How secure does this sound to you? After…

luckybroman5
2 votes, 0 answers
Encoding to Prevent Header Injection
I have a variable $filename that should be considered user input.
I use this $filename in the following:
header('Content-Disposition: inline; filename="' . $filename . '"');
How would one need to encode this to render $filename safe even when…

FamousAv8er
1 vote, 0 answers
php mail header injection cleaning for contact form
I came up with the following script to clean my php mail contact forms. Was wondering if there is anything else that is recommended I should put in here. This is just a snippet of the code as I also pregmatch each field to only allow characters…

user756659
1 vote, 1 answer
Does CakePHP v1.3.8 have a $this->redirect header injection?
I wrote the following code in a controller:
$this->redirect('https://example.com' . $this->here);
Does it have a header injection?
ex) http://example.com/%0dSet-Cookie:XXXX=YYYYY
Please tell me how to fix.

freddiefujiwara
1 vote, 1 answer
.net mvc host header injection - http module - 400 Bad Request
I have a task to mitigate host header injection in an MVC app. Among other things, I want to implement a whitelist check by creating an HTTP Module.
So far, I am using something like this:
web.config entry:
…

Kershaw
1 vote, 1 answer
How can I prevent Email Header Injection in my contact form?
I am a newbie at PHP but managed to create a working contact form. But then I became aware of Email Header Injection. How can I prevent this in the best possible way? I don't want my form to be used to spam people.
This is my code:

Naguah
1 vote, 1 answer
Could the nginx $host variable contain slashes?
I have the following nginx configuration:
server
{
    listen 80 default;
    listen [::]:80 default_server ipv6only=on;
    server_name _;
    root /home/user/websites/$host;
    index index.html;
}
This simplifies the configuration (for my…

Alan Edwardes
1 vote, 1 answer
How does header injection work?
I have read the section on header injections as described here: http://guides.rubyonrails.org/security.html. But I can't seem to walk through a step by step example of this in my head. Could someone walk me through an example of how exploiting…

Tony
0 votes, 0 answers
How to pass backend data from database to Nginx config file docker environment
My Flask web application is deployed in a Docker environment along with the db and nginx. I want to pass HOSTNAME from the database to the nginx config file. Basically, I want to add the below line to proxy.conf.
proxy_set_header Host $host;…

Ajay Prajapati
0 votes, 1 answer
Why does Django return BadHeaderError when adding a new line in my 'Contact' page's 'message' field
Everything works except when I add a new line via 'enter' in the "Message" field. It goes through if I don't add new lines in the message textfield.
What am I missing here? Tried to solve this problem for 2 days, nothing similar on Google.
I feel…

reivan
0 votes, 1 answer
PHP FORM: Multiple Recipients based on Drop Down Selection
I need a form to send to multiple different recipients based off the user dropdown selection. Here is what I've read up on so far... I can get it to say success but I don't receive the email. Please help!!
Html:
0 votes, 2 answers
Make mail() php file safe from SQL Injections
After reading a lot of tutorials I just want to be sure to be on the safe side.
I made a contact form which looks like this
0 votes, 2 answers
php mail header injection prevention
On the php manual page for mail function, there was a user comment saying "take care to prevent header injection".
In my application, I use the mail function, and the only user input I use as a parameter to the function is the email address.
I do a…

jrharshath