Is it possible to split the HTTP response in the following case:
String requestFilename = request.getParameter("name");
response.addHeader("content-disposition", "attachment; filename=" + requestFilename);
I directly add the unsanitized request parameter to the response header.
My question is that with CRLF characters we can insert our own header into the response.
So far I have tried \r\n and %0D%0A, but they do not work.
Is response.addHeader() immune to such attacks?
Can someone explain to me how this attack can be carried out?
vivek
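Whatever the servlet container does with a header value that contains CR or LF, the defensive fix for the code in the question is to validate the user-supplied filename before it ever reaches the response. The following is an added example, not code from the original post: a small helper (the class and method names are assumed for illustration) that rejects control characters and path components, then builds a quoted Content-Disposition value. Because request.getParameter() returns the already URL-decoded value, the %0D%0A form arrives as the same CR and LF bytes and is caught by the same check.

```java
import java.util.regex.Pattern;

public class SafeContentDisposition {
    // Any ASCII control character (CR, LF, NUL, ...) has no place in a filename;
    // rejecting them removes the header-splitting vector entirely.
    private static final Pattern CONTROL = Pattern.compile("[\\x00-\\x1F\\x7F]");

    /** Returns true only if the user-supplied name is acceptable as a download filename. */
    public static boolean isSafeFilename(String name) {
        if (name == null || name.isEmpty() || name.length() > 255) return false;
        if (CONTROL.matcher(name).find()) return false;              // blocks \r\n (and decoded %0D%0A)
        if (name.contains("/") || name.contains("\\")) return false; // no path components
        if (name.equals(".") || name.equals("..")) return false;     // no directory traversal tokens
        return true;
    }

    /** Builds the header value with the filename quoted and embedded quotes escaped. */
    public static String buildContentDisposition(String name) {
        if (!isSafeFilename(name)) {
            throw new IllegalArgumentException("unsafe filename rejected");
        }
        String escaped = name.replace("\"", "\\\"");
        return "attachment; filename=\"" + escaped + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign, one carrying CRLF as described in the question,
        // one with a path component.
        String[] samples = {
            "report.pdf",
            "report.pdf\r\nX-Injected: 1",
            "../secret.txt"
        };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + buildContentDisposition(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s.replace("\r", "\\r").replace("\n", "\\n"));
            }
        }
    }
}
```

In the servlet this replaces the direct concatenation with response.setHeader("Content-Disposition", SafeContentDisposition.buildContentDisposition(requestFilename)), and a rejected name is answered with a 400 rather than passed through. Logging the rejections gives a simple detection signal for attempts to inject CRLF into that parameter.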