CRLF Injection

(Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n)) %0d%0a

Vulnerability Name: CRLF Injection on [Domain name]

Vulnerability Description: In a CRLF injection vulnerability attack the attacker inserts both the carriage return and linefeed characters into user input to trick the server, the web application or the user into thinking that an object is terminated and another one has started.

[Don't forget to add your vulnerability description, the one given above is general description]

Payload: [Malicious payload]

Steps to Reproduce:

  1. Go to the [URL].

  2. Intercept it with burpsuite.

  3. Add the given payload in the Vulnerable [Parameter/Url]

  4. Forward the request

  5. You should see the custom content in response.

  6. This is CRLF Injection.

Proof-of-concept: Snapshots or video link attached.

Impact: The impact of CRLF injections vary and also include all the impacts of Cross-site Scripting to information disclosure. It can also deactivate certain security restrictions like XSS Filters and the Same Origin Policy in the victim's browsers, leaving them susceptible to malicious attacks.

Attack Scenario: [Create your own attack scenario according to the workflow of website]

Remediation: The best prevention technique is to not use users input directly inside response headers. If that is not possible, you should always use a function to encode the CRLF special characters. Another good web application security best practise is to update your programming language to a version that does not allow CR and LF to be injected inside functions that set HTTP headers.