websecurity@lists.webappsec.org

The Web Security Mailing List


CRLF Injection - HTTP Response Splitting

Mon
Mon, Apr 30, 2012 12:32 PM

Hi all,

Maybe this is a very stupid question; however, after many unsuccessful
attempts, I would appreciate your assistance.

In testing a web application, I found that on sending the following request
header:

GET /path/path-contd/resource.asp?key1=value1&key2=value2&key3=value3
HTTP/1.1
....

I got the following response header:

HTTP/1.1 302 Found
Date: xxxx
Server: xxxx
Location: https://
<full-domain>/path/path-contd/resource.asp?https=redirect&key1=value1&key2=value2&key3=value3
....

I tried to inject "CRLF" (%0d%0a) in value3 to perform HTTP Response
Splitting; however, the input was always output to the response header as
text and the injected CRLF (%0d%0a) was never executed. I tried:

  1. double url encoding: %250d%250a
  2. encoding the attack vector to unicode 16-bit
  3. injecting %0d%0a (and double encoded value) in value1 instead
  4. injecting %0d%0a (and double encoded value) in value2 instead

Am I missing something trivial or any other attack vector to bypass CRLF
Injection protection/filter? Is this the right approach? Or should I safely
assume that the application is performing proper URL sanitization?

Look forward to your replies. My apologies again in case my question is
naive.

Br,
m0n
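Added example, not part of the original post and not the poster's application: a self-contained Python harness that simulates three redirect handlers (one that decodes the query string once and copies the value into Location raw, one that decodes it a second time, and one that re-encodes values before writing the header) and checks, for each of the encodings the poster tried, whether the injected header actually became a header line of its own. The target URL, the parameter names and the "X-Injected" marker are assumed for illustration; the %uXXXX variant is included only to show that a decoder which does not understand it leaves it as literal text, which is the observation reported above.

```python
import urllib.parse

# Constructed fixture (assumed, not the poster's site): the redirect target
# prefix that the simulated handlers reproduce.
TARGET = "https://example.test/path/path-contd/resource.asp?https=redirect&"
MARKER = b"x-injected:"   # header name we try to smuggle in

# Three encodings of the same "CR LF + extra header" payload for key3.
PAYLOADS = {
    "single":    "value3%0d%0aX-Injected:%20yes",        # %0d%0a
    "double":    "value3%250d%250aX-Injected:%2520yes",  # %250d%250a
    "percent_u": "value3%u000d%u000aX-Injected:%20yes",  # %uXXXX style
}


def _response(location: str) -> bytes:
    """Minimal 302 whose Location value is pasted in verbatim (no escaping here)."""
    return (b"HTTP/1.1 302 Found\r\nLocation: " + location.encode("latin-1")
            + b"\r\nContent-Length: 0\r\n\r\n")


def _rebuild(params: dict, value_filter) -> str:
    """Re-assemble the query string after applying value_filter to each value."""
    return TARGET + "&".join(f"{k}={value_filter(v[0])}" for k, v in params.items())


def redirect_single_decode(query: str) -> bytes:
    """Vulnerable: parse_qs percent-decodes once, so %0d%0a becomes a raw CR LF
    that is then written straight into the Location header."""
    params = urllib.parse.parse_qs(query, keep_blank_values=True)
    return _response(_rebuild(params, lambda v: v))


def redirect_double_decode(query: str) -> bytes:
    """Vulnerable and decodes a second time (a backend that unquotes an
    already-decoded value), so %250d%250a also ends up as raw CR LF."""
    params = urllib.parse.parse_qs(query, keep_blank_values=True)
    return _response(_rebuild(params, urllib.parse.unquote))


def redirect_hardened(query: str) -> bytes:
    """Fixed: every value is percent-encoded again before it reaches Location,
    so CR, LF and ':' can only appear as %0D, %0A and %3A."""
    params = urllib.parse.parse_qs(query, keep_blank_values=True)
    return _response(_rebuild(params, lambda v: urllib.parse.quote(v, safe="")))


def header_split(response: bytes) -> bool:
    """True if the injected name became a header line of its own (splitting
    worked) rather than literal text inside the Location value."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return any(line.lower().startswith(MARKER) for line in head.split(b"\r\n"))


def probe(handler) -> dict:
    """Send each payload in key3 and report which encodings split the response."""
    return {name: header_split(handler(f"key1=value1&key2=value2&key3={p}"))
            for name, p in PAYLOADS.items()}


if __name__ == "__main__":
    for name, handler in [("single-decode", redirect_single_decode),
                          ("double-decode", redirect_double_decode),
                          ("hardened", redirect_hardened)]:
        print(f"{name:14s} {probe(handler)}")
```

The point of the three rows is the one the thread turns on: %250d%250a only helps when something on the server decodes the value twice, and a handler that re-encodes (or rejects) CR and LF before writing the header is unaffected by any of the variants, which is consistent with the poster seeing the sequence echoed as plain text. When probing a real target, compare the raw response bytes the same way rather than trusting a browser view, since browsers hide the difference between a split header and a literal "%0d%0a" in the URL.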
