| http://www.w3.org/ns/prov#value | - t is useless to us in this case.Furthermore request splitting is only useful when a user is behind a proxy (See Note at end of section), so if a user is not behind a proxy, then there is a point to spoofing headers rather than conducting a request splitting attack.Anyway, what was not mentioned in the paper was that not only can the attack be invoked through an img tag, but it can also be invoked
|
