Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have read the section on header injections as described here: http://guides.rubyonrails.org/security.html. But I can’t seem to walk through a step by step example of this in my head. Could someone walk me through an example of how exploiting the referer header could cause issues in an application?
It is very simple:
A malicious user can insert due to a vulnerability in earlier versions of Ruby and RoR a secuence of URL encoded characters “%0d%0a” that are the equivalent for “\r\n” which is a carriage-return and line-feed.
In this way a new lines in the header can be injected with new information as cookies, redirections, referers and any other information that can be used to help the attacker to commit his purpose.
As example maybe the one in the link you sent is not exactly the best, but think about a cookie validation to access a private site. Some sites use to locate a cookie to a value like “true” or “1” once the user pass trough the validation process. If you insert into the header the cookie value without passing the validation process you should access the private pages without the need of login into the application.