[Python-Dev] Need help to fix HTTP Header Injection vulnerability
Karthikeyan
tir.karthi at gmail.com
Wed Apr 10 07:07:03 EDT 2019
> 1. Is there a library of URL / Header injection tests e.g. for fuzzing
> that we could generate additional test cases with or from?

https://github.com/swisskyrepo/PayloadsAllTheThings seems to contain payload related stuff but not sure how useful it is for URL parsing.

> 2. Are requests.get() and requests.post() also vulnerable?

urllib3 seems to be vulnerable as noted in https://bugs.python.org/issue36276#msg337837 . requests uses urllib3 under the hood. The last time I checked requests passed encoded URL to urllib3 where this doesn't seem to be exploitable but I could be wrong.

--
Regards,
Karthikeyan S
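
An added example, not part of this message and not code from requests or urllib3: a check that rejects raw control characters in a request target, run over constructed cases to show why a percent-encoded URL no longer carries a raw CR/LF onto the request line. The `SAFE` set, `CASES`, the `example.test` host and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import quote

# Assumption: a request target must not contain ASCII control characters,
# space or DEL in raw form.
UNSAFE = re.compile(r"[\x00-\x20\x7f]")

# Assumption: stand-in for a client's URL quoting step; "%" is kept safe so
# already-encoded sequences are not encoded twice.
SAFE = "/?&=%:@+,;~"


def check_target(target):
    """Return target unchanged, or raise ValueError on a raw unsafe character."""
    match = UNSAFE.search(target)
    if match:
        raise ValueError(
            f"unsafe character {match.group()!r} at offset {match.start()}")
    return target


def encode_target(target):
    """Percent-encode the target before it reaches the request line."""
    return quote(target, safe=SAFE)


def request_head_lines(target):
    """Serialize a request head without validation and count its lines."""
    head = f"GET {target} HTTP/1.1\r\nHost: example.test\r\n\r\n"
    return len(head.split("\r\n")) - 2  # drop the two empty trailing fields


def survey(targets):
    """Map each target to (raw passes check, encoded form, encoded passes check)."""
    report = {}
    for target in targets:
        encoded = encode_target(target)
        report[target] = (UNSAFE.search(target) is None,
                          encoded,
                          UNSAFE.search(encoded) is None)
    return report


# Constructed regression cases, not taken from the thread.
CASES = ["/index.html", "/a b", "/a\r\nX-Test: 1", "/a\nX-Test: 1", "/a%0d%0aX"]

if __name__ == "__main__":
    for target, row in survey(CASES).items():
        print(repr(target), row, request_head_lines(row[1]))
```

A head built from a valid target has two lines (request line and `Host`); a third line means the target itself contributed a line break.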