[WEB SECURITY] CRLF Injection - HTTP Response Splitting
mon.ver85 at gmail.com
Mon Apr 30 08:32:00 EDT 2012
Maybe this is a very stupid question; however, after many unsuccessful
attempts, I would appreciate your assistance.
In testing a web application, I found that on sending the following request
I got the following response header:
HTTP/1.1 302 Found
I tried to inject "CRLF" (%0d%0a) in value3 to perform HTTP Response
Splitting; however, the input was always output to the response header as
text and the injected CRLF (%0d%0a) was never executed. I tried:
1. double url encoding: %250d%250a
2. encoding the attack vector to unicode 16-bit
3. injecting %0d%0a (and double encoded value) in value1 instead
4. injecting %0d%0a (and double encoded value) in value2 instead
Am I missing something trivial or any other attack vector to bypass CRLF
Injection protection/filter? Is this the right approach? Or should I safely
assume that the application is performing proper URL sanitization?
Look forward to your replies. My apologies again in case my question is
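The attempts listed in the post map onto one question: how many URL-decode passes does the server apply before the value reaches the header writer, and does that writer refuse CR/LF? The following is an added example, not code from the original post or the application under test. It assumes the parameter ends up in a `Location` header of the 302 (the post does not show the request, so that is an assumption), builds a constructed split payload, and shows that a double-encoded `%250d%250a` only splits the response if the server decodes twice, while a `%uXXXX`-style (IIS "unicode 16-bit") encoding is not decoded by a standard percent-decoder at all. A naive header writer is shown next to a hardened one that rejects CR and LF.

```python
"""
HTTP response splitting via a CRLF-injected Location header.
Added example: the header builders, parser and payloads below are
constructed for illustration; they are not the tested application's code.
"""
from urllib.parse import unquote


def decode(value: str, rounds: int = 1) -> str:
    """Percent-decode `value` `rounds` times (models how many decode passes
    the server applies before the value reaches the header writer)."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def build_redirect_naive(location: str) -> bytes:
    """VULNERABLE (constructed): copies the value into the header unchanged."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(location: str) -> bytes:
    """Hardened: refuse any CR or LF in the header value, which is the check
    most modern servers and frameworks apply to header values."""
    if "\r" in location or "\n" in location:
        raise ValueError("CR/LF not permitted in header value")
    return build_redirect_naive(location)


def count_responses(raw: bytes) -> int:
    """Count the HTTP responses a byte-stream parser (proxy, browser) would see
    in `raw`: a status line after a header block plus its Content-Length body
    starts a new response."""
    n = 0
    pos = 0
    while raw.startswith(b"HTTP/", pos):
        n += 1
        end = raw.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        head = raw[pos:end].decode("latin-1")
        length = 0
        for line in head.split("\r\n")[1:]:          # skip the status line
            name, _, val = line.partition(":")
            if name.strip().lower() == "content-length":
                length = int(val.strip() or 0)
        pos = end + 4 + length                         # skip body of this response
    return n


# Constructed payload: terminates the 302 and appends a fake 200 with a body.
SPLIT_PAYLOAD = (
    "http://example.com/%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Content-Length:%2015%0d%0a%0d%0a%3Cb%3Einjected%3C/b%3E"
)
DOUBLE_ENCODED = SPLIT_PAYLOAD.replace("%", "%25")      # %250d%250a variant
UTF16_STYLE = "http://example.com/%u000d%u000aX-Injected:%201"  # %uXXXX variant


def responses_seen(encoded_value: str, decode_rounds: int) -> int:
    """Responses produced by the naive writer after `decode_rounds` decodes."""
    return count_responses(build_redirect_naive(decode(encoded_value, decode_rounds)))


def hardened_rejects(encoded_value: str, decode_rounds: int) -> bool:
    """True if the hardened writer refuses the decoded value."""
    try:
        build_redirect_safe(decode(encoded_value, decode_rounds))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, payload in [("single", SPLIT_PAYLOAD),
                           ("double", DOUBLE_ENCODED),
                           ("%uXXXX", UTF16_STYLE)]:
        for rounds in (1, 2):
            print(f"{label:7s} decode x{rounds}: "
                  f"{responses_seen(payload, rounds)} response(s), "
                  f"hardened rejects={hardened_rejects(payload, rounds)}")
```

The useful reading of the output: if `%0d%0a` comes back as literal text after one decode and `%250d%250a` does not change that, the writer is either rejecting or escaping CR/LF, and further encoding tricks that rely on a second decode pass only work where the application itself decodes the value again before emitting the header.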