+++
title = 'HowWorks CRLF'
date = 2025-01-14
+++

> 'HowWorks' - new post type, explains how something works, in that case CRLF vulnerability 

If we can inject some data in web app that doesn't get proper validation/filtering and used in HTTP response Headers, then we can inject `\r\n` (HTTP line break, CRLF).

You can think of it as stored XSS, but instead Javascript, we inject `\r\n` which will allow to effectivly modify entire HTTP response from server to specific endpoint.

  
 
Example - set name to `username%0d%0aLocation:http://malicioussite.com/` to redirect anyone who access your username in url.

  


[Impact](https://www.imperva.com/learn/application-security/crlf-injection/):
 - XSS
 - Log Injection
 - HTTP Header Injection
 - HTTP Response Splitting
 - Log Tampering
 - Cookie Injection
 - Phishing
 - Web Cache Poisoning

  


It's a rare bug nowadays.

> Truth be told, I thought it's more complex



{{< source >}}
https://owasp.org/www-community/vulnerabilities/CRLF_Injection
https://www.imperva.com/learn/application-security/crlf-injection/
{{< /source >}}