+++
title = 'HowWorks CRLF'
date = 2025-01-14
+++
'HowWorks' is a new post type that explains how something works, in this case the CRLF vulnerability.
If we can inject data into a web app that doesn't get proper validation/filtering and is then used in HTTP response headers, we can inject `\r\n` (the HTTP line break, CRLF).
You can think of it as stored XSS, but instead of JavaScript we inject `\r\n`, which lets us effectively modify the entire HTTP response from the server for a specific endpoint.
Example: set name to `username%0d%0aLocation:http://malicioussite.com/` to redirect anyone who accesses your username in the URL.
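
The header-building flaw described above, next to a checked version, as an added example that is not code from this post or its sources. The `X-Profile-Name` header and all function names are hypothetical; the stored value is the one from the example above.

```python
from urllib.parse import unquote


def build_response_naive(display_name: str) -> bytes:
    """Vulnerable: copies user-controlled text straight into a header line."""
    head = (
        "HTTP/1.1 200 OK\r\n"
        f"X-Profile-Name: {display_name}\r\n"  # hypothetical header
        "Content-Length: 0\r\n"
        "\r\n"
    )
    return head.encode("latin-1")


def build_response_checked(display_name: str) -> bytes:
    """Hardened: refuse any value that could end the header line early."""
    if any(ch in display_name for ch in "\r\n\0"):
        raise ValueError("control character in header value")
    return build_response_naive(display_name)


def parse_headers(raw: bytes) -> dict:
    """Split a raw response head the way a client does: one header per CRLF."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


# Value from the post, percent-decoded the way a framework decodes a parameter.
STORED_NAME = unquote("username%0d%0aLocation:http://malicioussite.com/")

if __name__ == "__main__":
    # One stored value becomes two headers in the naive builder.
    print(parse_headers(build_response_naive(STORED_NAME)))
    try:
        build_response_checked(STORED_NAME)
    except ValueError as exc:
        print("rejected:", exc)
```
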
- XSS
- Log Injection
- HTTP Header Injection
- HTTP Response Splitting
- Log Tampering
- Cookie Injection
- Phishing
- Web Cache Poisoning
It's a rare bug nowadays.
Truth be told, I thought it was more complex.
{{< source >}}
https://owasp.org/www-community/vulnerabilities/CRLF_Injection
https://www.imperva.com/learn/application-security/crlf-injection/
{{< /source >}}