{"id":62,"date":"2015-03-30T06:34:03","date_gmt":"2015-03-30T01:34:03","guid":{"rendered":"http:\/\/www.chmosama.com\/blog\/?p=62"},"modified":"2017-12-24T15:14:02","modified_gmt":"2017-12-24T10:14:02","slug":"http-response-smuggling-in-dropcam","status":"publish","type":"post","link":"https:\/\/www.chmosama.com\/blog\/http-response-smuggling-in-dropcam\/","title":{"rendered":"HTTP Response Smuggling in Dropcam"},"content":{"rendered":"<p style=\"text-align: justify;\">Ch. Muhammad Osama, an independent vulnerability researcher, has discovered an HTTP Response Smuggling vulnerability in the Dropcam website www.dropcam.com.<\/p>\n<p style=\"text-align: justify;\"><strong>HTTP Response Smuggling :-<\/strong><\/p>\n<p style=\"text-align: justify;\">Data enters a web application through an untrusted source, most frequently an HTTP request.<\/p>\n<p style=\"text-align: justify;\">The data is included in an HTTP response header sent to a web user without being validated for malicious characters.<\/p>\n<p style=\"text-align: justify;\">HTTP Response Smuggling is a means to an end, not an end in itself. At its root, the attack is straightforward: an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.<\/p>\n<p style=\"text-align: justify;\">To mount a successful exploit, the application must allow input that contains CR (carriage return, also given by %0d or \\r) and LF (line feed, also given by %0a or \\n) characters into the header AND the underlying platform must be vulnerable to the injection of such characters. These characters not only give attackers control of the remaining headers and body of the response the application intends to send, but also allow them to create additional responses entirely under their control.<\/p>\n<p style=\"text-align: justify;\"><strong>Proof of Concept :-<\/strong><\/p>\n<p style=\"text-align: justify;\">Affected URL :- https:\/\/www.dropcam.com\/marketing\/static\/css\/<\/p>\n<p>HTTP Request :-<\/p>\n<p>GET \/marketing\/static\/css\/%0ahackedby%3aosama%3dvuln HTTP\/1.1<br \/>\nHost: www.dropcam.com<br \/>\nUser-Agent: Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko\/20100101 Firefox\/30.0<br \/>\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8<br \/>\nAccept-Language: en-US,en;q=0.5<br \/>\nAccept-Encoding: gzip, deflate<br \/>\nDNT: 1<br \/>\nConnection: keep-alive<\/p>\n<p>Response :-<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-64\" src=\"http:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-poc-1024x409.png\" alt=\"dropcam-poc\" width=\"525\" height=\"210\" srcset=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-poc-1024x409.png 1024w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-poc-300x120.png 300w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-poc-768x307.png 768w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-poc.png 1366w\" sizes=\"auto, (max-width: 525px) 100vw, 525px\" \/><\/p>\n<p style=\"text-align: justify;\"><strong>Conclusion :-<\/strong><\/p>\n<p style=\"text-align: justify;\">This vulnerability has been confirmed and patched by the Dropcam Security Team. I would like to thank them for their quick response to my report.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-65\" src=\"http:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-reward.png\" alt=\"dropcam-reward\" width=\"618\" height=\"677\" srcset=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-reward.png 618w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/08\/dropcam-reward-274x300.png 274w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/><\/p>\n<p style=\"text-align: center;\"><strong>Status : Fixed!<\/strong><br \/>\n<strong>Hall of Fame : Yes!<\/strong><br \/>\n<strong>Bounty: $50 (not what I expected) \ud83d\ude00<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ch. Muhammad Osama, an independent vulnerability researcher, has discovered an HTTP Response Smuggling vulnerability in the Dropcam website www.dropcam.com. HTTP Response Smuggling :- Data enters a web application through an untrusted source, most frequently an HTTP request. 
The data is included in an HTTP response header sent to a web user without being validated [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":63,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[27,28,6,29,30,8],"class_list":["post-62","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-poc","tag-dropcam","tag-http","tag-poc","tag-response","tag-smuggling","tag-vulnerability"],"amp_enabled":true}