Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2019-April/157027.html below:

[Python-Dev] Need help to fix HTTP Header Injection vulnerability

• Previous message (by thread): [Python-Dev] Need help to fix HTTP Header Injection vulnerability
• Next message (by thread): [Python-Dev] Need help to fix HTTP Header Injection vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 1. Is there a library of URL / Header injection tests e.g. for fuzzing
> that we could generate additional test cases with or from?


https://github.com/swisskyrepo/PayloadsAllTheThings seems to contain
payload related stuff but not sure how useful it is for URL parsing.

>
> 2. Are requests.get() and requests.post() also vulnerable?
>

urllib3 seems to be vulnerable as noted in
https://bugs.python.org/issue36276#msg337837 . requests uses urllib3 under
the hood. The last time I checked requests passed encoded URL to urllib3
where this doesn't seem to be exploitable but I could be wrong.

-- 
Regards,
Karthikeyan S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20190410/11f90fc8/attachment.html>

• Previous message (by thread): [Python-Dev] Need help to fix HTTP Header Injection vulnerability
• Next message (by thread): [Python-Dev] Need help to fix HTTP Header Injection vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4