CRLF & cookie injection
Hi,
The following URL/server is vulnerable to a CRLF attack, aka Carriage Return Line Feed injection: http://xxx.xxxxxxxxxxxx.xxx
When adding the characters %0D%0A in the URL, it's possible to inject headers in the returned response. This leads to:
Cookie injection
An attacker can inject cookies with the desired name and value and even overwrite existing cookies.
HTTP response splitting
An attacker could alter the content of the page served and trick users with a corrupted URL.
(not reproducible, Firefox returns an error "Corrupted Content Error")
curl -i -s "http://xxx.xxxxxxxxxxxx.xxx/%0D%0A..."
https://www.owasp.org/index.php/CRLF_Injection
https://www.owasp.org/index.php/HTTP_Response_Splitting
https://www.outpost24.com/crlf-attacks
Best regards,
Gwen
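
Added example, not part of the original report and not the affected server's code: a sketch of the server-side check that closes this class of bug. It assumes the server copies the decoded request path into a Location header; the function names and the sample path are constructed for illustration.

```python
from urllib.parse import quote, unquote

# Constructed sample: a path carrying an encoded CR LF followed by a header line.
SAMPLE_PATH = "/%0D%0ASet-Cookie:%20session=constructed"


def build_redirect_unsafe(raw_path):
    """Assumed vulnerable pattern: decoded path copied straight into a header."""
    location = unquote(raw_path)
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n\r\n").encode("utf-8")


def build_redirect_safe(raw_path):
    """Hardened form: refuse any value that decodes to a control character,
    then re-encode what is left before it reaches the header."""
    location = unquote(raw_path)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in location):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {quote(location, safe='/')}\r\n"
            "Content-Length: 0\r\n\r\n").encode("ascii")


def header_names(response):
    """Return the header names a client would parse from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("utf-8")
    return [line.split(":", 1)[0].lower()
            for line in head.split("\r\n")[1:] if ":" in line]


if __name__ == "__main__":
    # Unsafe builder: the client sees a header the application never set.
    print(header_names(build_redirect_unsafe(SAMPLE_PATH)))
    # Safe builder: the request is refused, no extra header appears.
    print(header_names(build_redirect_safe(SAMPLE_PATH)))
    # Ordinary paths still redirect normally.
    print(build_redirect_safe("/docs/a%20b").decode("ascii"))
```

The same header_names check can be pointed at the output of the curl -i command above to confirm, after a fix, that no header beyond the expected set comes back.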