Casual_blog/content/hacking/HowTo_CRLF.md
2024-09-03 22:36:04 +03:00


+++
title = 'HowTo CRLF'
date = 2024-09-18
+++

Mostly a fixed issue! It may still occur in some handwritten web servers.

CRLF - Carriage Return (`\r`) Line Feed (`\n`) (or `%0d` `%0a` when URL-encoded)

Inserting `\r\n` into a URL allows an attacker to perform:

  • log splitting - inserts fake log entries on the server that may deceive an administrator
  • HTTP response splitting - allows adding HTTP headers to the HTTP response
    • XSS - `www.target.com/%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E` - disables XSS protection, sets Location to a custom value (but does it work without a 302/201 status?), sets an HTML content type and injects JavaScript.
    • cookie injection
    • check another note

For example, `GET /%0d%0aSet-Cookie:CRLFInjection=PreritPathak HTTP/1.1` will add a `Set-Cookie:CRLFInjection=PreritPathak` header to the HTTP response.
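The `Set-Cookie` request above from the defender's side, as an added example that is not part of the original note: a naive handwritten redirect builder next to a hardened one, plus log-field escaping for the log-splitting case. All function names are hypothetical, and the handler that copies the request path into `Location` is an assumed design.

```python
from urllib.parse import unquote

# Request path taken from the example in this note.
PAGE_PATH = "/%0d%0aSet-Cookie:CRLFInjection=PreritPathak"

def build_redirect_naive(raw_path):
    """Handwritten-server style: the decoded path is copied straight into a header."""
    location = unquote(raw_path)
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n\r\n").encode("utf-8")

def header_value(value):
    """Refuse anything that could end the header line (CR, LF or NUL)."""
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise ValueError("control character in header value")
    return value

def build_redirect_safe(raw_path):
    """Same response, but the value is validated after percent-decoding."""
    location = header_value(unquote(raw_path))
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n\r\n").encode("utf-8")

def header_names(response):
    """Header names a client would parse from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode() for line in head.split(b"\r\n")[1:]]

def log_field(value):
    """Escape CR/LF so one request always stays on one log line."""
    return value.replace("\r", "\\r").replace("\n", "\\n")

if __name__ == "__main__":
    print(header_names(build_redirect_naive(PAGE_PATH)))  # extra Set-Cookie header
    try:
        build_redirect_safe(PAGE_PATH)
    except ValueError as exc:
        print("rejected:", exc)
    print(log_field(unquote(PAGE_PATH)))
```

The check runs on the decoded value, because that is the form that ends up in the response; checking the raw URL for literal `\r\n` would miss `%0d%0a`.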

{{< source >}} https://www.geeksforgeeks.org/crlf-injection-attack/ {{< /source >}}