CRLF Injection at `██████████`
Severity: Low
Team: Mars
Team Summary
Official summary from Mars
A CRLF injection vulnerability was present in the website ██████████. This vulnerability occurs when a website or application fails to properly sanitize or encode user-supplied data that contains carriage return and line feed (CRLF) sequences. The attacker can leverage this vulnerability to inject malicious headers or content into the application's responses.
Reported by
mo3giza
Vulnerability Details
Technical details and impact analysis
## Summary:
A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
## Steps To Reproduce:
Navigate to this URL
█████:
```
┌──(azab㉿kali)-[~]
└─$ curl -i ███████
HTTP/1.1 307 Temporary Redirect
Date: █████ █████████ GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Server: nginx
Location: ████████
Set-Cookie: CRLF_Injection_By_ze2pac
<html>
<head><title>307 Temporary Redirect</title></head>
<body>
<center><h1>307 Temporary Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>
```
## Impact
XSS, Open Redirect, HTTP Response Splitting... etc.
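The curl output above shows the defect in its simplest form: a value the client controls is copied into the `Location` header, and a raw CR/LF inside it terminates that header and starts a new one (`Set-Cookie` here). The Python below is an added illustration, not code from the report or from the Mars team. It places a vulnerable redirect builder beside a hardened one that rejects control characters, and includes a small response parser so the splitting is visible as an unexpected header name. Every function name, the `EXPECTED_HEADERS` set and the `INJECTED_TARGET` sample are constructed for the example.

```python
"""Added example (not part of the original report): a redirect handler that
copies a caller-controlled value into the Location header, beside a hardened
version that refuses CR/LF, plus a response parser that makes header
splitting visible. All names and sample values are constructed."""
import re

# Any raw CR or LF (or NUL) inside a header value ends the header line early
# and lets whatever follows be read as a new header by the client.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a value destined for an HTTP header contains CR/LF."""


def is_safe_header_value(value: str) -> bool:
    """True when the value contains no CR, LF or NUL."""
    return _FORBIDDEN.search(value) is None


def safe_header_value(value: str) -> str:
    """Reject (rather than silently strip) control characters; stripping can
    still hand the caller a value it did not expect."""
    if not is_safe_header_value(value):
        raise HeaderInjectionError(f"control character in header value: {value!r}")
    return value


def build_redirect_unsafe(target: str) -> str:
    """Vulnerable pattern: the supplied target goes into Location verbatim."""
    return (
        "HTTP/1.1 307 Temporary Redirect\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )


def build_redirect_safe(target: str) -> str:
    """Hardened version: the same response, but the value is validated first."""
    return (
        "HTTP/1.1 307 Temporary Redirect\r\n"
        f"Location: {safe_header_value(target)}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )


def parse_response_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.1 response head into (name, value) pairs, the way a
    client such as `curl -i` presents it."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")[1:]  # drop the status line
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def injected_header_names(raw: str, expected: set[str]) -> list[str]:
    """Detection helper: header names present in the response that the handler
    never set itself. A non-empty result means the response was split."""
    return [name for name, _ in parse_response_headers(raw) if name not in expected]


# Headers the handler legitimately emits (constructed for this example).
EXPECTED_HEADERS = {"Location", "Content-Length"}

# Constructed input: a redirect target carrying a raw CRLF followed by a
# header the application never intended to send.
INJECTED_TARGET = "/next\r\nSet-Cookie: crlf_demo=1"


if __name__ == "__main__":
    raw = build_redirect_unsafe(INJECTED_TARGET)
    print("unsafe handler emitted extra headers:",
          injected_header_names(raw, EXPECTED_HEADERS))
    try:
        build_redirect_safe(INJECTED_TARGET)
    except HeaderInjectionError as exc:
        print("safe handler refused:", exc)
```

Rejecting the value is preferable to stripping the CR/LF characters: a stripped value may still redirect somewhere the application did not intend, and the rejection gives a clear signal to log. Most mature HTTP libraries already apply this check when a header is set through their API; the defect typically appears when a server or proxy configuration interpolates a request-derived variable straight into a header, which is the pattern the nginx response above suggests.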
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: CRLF Injection