GITBOOK-4336: No subject

This commit is contained in:
CPol 2024-05-12 19:49:11 +00:00 committed by gitbook-bot
parent 0c8c5b0ede
commit 62b192c217
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -210,6 +210,20 @@ True
### HTTP headers bypass abusing PHP errors
#### Causing error after setting headers
From [**this twitter thread**](https://twitter.com/pilvar222/status/1784618120902005070?t=xYn7KdyIvnNOlkVaGbgL6A\&s=19) you can see that sending more than 1000 GET params or 1000 POST params or 20 files, PHOP is not going to be setting headers in the response.
Allowing to bypass for example CSP headers being set in codes like:
```php
<?php
header("Content-Security-Policy: default-src 'none';");
if (isset($_GET["xss"])) echo $_GET["xss"];
```
#### Filling a body before setting headers
If a **PHP page is printing errors and echoing back some input provided by the user**, the user can make the PHP server print back some **content long enough** so when it tries to **add the headers** into the response the server will throw and error.\
In the following scenario the **attacker made the server throw some big errors**, and as you can see in the screen when php tried to **modify the header information, it couldn't** (so for example the CSP header wasn't sent to the user):
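Review bot: the paragraph under "Causing error after setting headers" should say why the headers disappear, because the mechanism is the same as in "Filling a body before setting headers" and it only works under a specific configuration. Exceeding max_input_vars (default 1000) or max_file_uploads (default 20) makes PHP emit a warning before the script body runs; with display_errors enabled that warning is written to the response body, so the later `header("Content-Security-Policy: ...")` call fails with "Cannot modify header information - headers already sent" and the CSP is never emitted. Stating that precondition (display_errors on, output_buffering off, which is not the production default) would make the text accurate and also names the fix: display_errors=Off plus output_buffering, which lets header() succeed after early output. Same paragraph: "PHOP" should read "PHP", "throw and error" should read "throw an error", and "as you can see in the screen" refers to a screenshot that is not part of this hunk.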