CRLF injection in BBC POC | BugBounty | karthithehacker
Author: karthithehacker
Uploaded: 2024-11-10
Views: 963
CRLF injection in http://theapp.bbcstudios.com:80/%0Acr...
Bug name :- CRLF injection
Impact :- log injection (forged log entries), HTTP response splitting, HTTP header injection, XSS via an injected response
Description :-
In a CRLF injection attack, the attacker inserts carriage return and line feed characters (CR = 0x0D, LF = 0x0A, URL-encoded as %0D%0A) into user-controlled input that the server later copies into a line-delimited structure such as an HTTP header block or a log file. The goal is to trick the server, the web application, or the user's browser into believing that one object has terminated and another has started. CRLF sequences are not malicious characters in themselves, but when they land inside a header value they can be used with malicious intent, for example for HTTP response splitting.
CRLF injection in web applications :-
In web applications, a CRLF injection can have a severe impact, depending on where the application copies the injected bytes. Consequences range from information disclosure (injected or overwritten headers, forged log entries) to script execution in the victim's browser when a whole second response is injected, so it is a direct web application security vulnerability even though it has never had its own entry in the OWASP Top 10 list. The proof of concept below sends a URL-encoded line feed (%0A) in the request path of the target.
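The mechanics described above, as an added example that is not part of the video or the reported bug: a hypothetical redirect handler copies a URL-decoded `next` parameter into a `Location` header unchecked, a minimal parser shows how a browser or proxy would read the resulting bytes (one extra header, or two whole responses), a log writer shows the forged-entry case, and the fixed variants apply the one check that stops it. All hosts, parameter names and payloads are constructed for the example.

```python
"""Added example: CRLF injection into a header and a log line, plus the fix.

Assumptions (constructed, not from the video): the server builds a 302 redirect
from a user-supplied ``next`` parameter and writes an access log of the form
``<ip> GET <path>``. No real host is contacted; everything runs offline.
"""
from urllib.parse import unquote

CRLF = "\r\n"

# Constructed payloads, as they would appear URL-encoded in a request.
HEADER_INJECTION = "/%0d%0aSet-Cookie:%20session=attacker"
RESPONSE_SPLIT = (
    "/%0d%0aContent-Length:%200%0d%0a%0d%0a"          # close the real response
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html"
    "%0d%0aContent-Length:%2025%0d%0a%0d%0a"         # start a second one
    "%3Cscript%3Ealert(1)%3C/script%3E"              # 25-byte body
)
LOG_FORGERY = "/index.html%0d%0a198.51.100.7 GET /admin"


def build_redirect_vulnerable(next_param: str) -> bytes:
    """302 whose Location is the decoded parameter, copied unchecked (the bug)."""
    location = unquote(next_param)
    response = ("HTTP/1.1 302 Found" + CRLF
                + "Location: " + location + CRLF
                + "Content-Length: 0" + CRLF + CRLF)
    return response.encode("latin-1")


def build_redirect_fixed(next_param: str) -> bytes:
    """Same redirect, but a header value containing CR or LF is refused.

    Rejecting rather than stripping is deliberate: a later decoding step can
    reintroduce characters that a stripping filter removed."""
    location = unquote(next_param)
    if "\r" in location or "\n" in location:
        raise ValueError("refusing CR/LF in Location header value")
    response = ("HTTP/1.1 302 Found" + CRLF
                + "Location: " + location + CRLF
                + "Content-Length: 0" + CRLF + CRLF)
    return response.encode("latin-1")


def fixed_rejects(next_param: str) -> bool:
    """True if the hardened handler refuses the parameter."""
    try:
        build_redirect_fixed(next_param)
    except ValueError:
        return True
    return False


def parse_responses(raw: bytes) -> list:
    """Minimal HTTP/1.1 response parser, reading the bytes as a proxy would.

    Returns one dict per response found back-to-back on the wire. Header names
    are lowercased and map to a list of values; body length is taken from the
    first Content-Length. Parsing stops at the first leftover that is not a
    status line, which is what makes a split visible as two responses."""
    responses = []
    rest = raw
    while rest.startswith(b"HTTP/"):
        head, _, rest = rest.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split(CRLF)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        length = int(headers.get("content-length", ["0"])[0])
        body, rest = rest[:length], rest[length:]
        responses.append({"status": lines[0], "headers": headers, "body": body})
    return responses


def access_log_line(client_ip: str, raw_path: str) -> str:
    """Vulnerable log writer: a decoded CRLF in the path ends the entry early
    and whatever follows becomes a forged entry with any IP the attacker likes."""
    return f"{client_ip} GET {unquote(raw_path)}"


def access_log_line_fixed(client_ip: str, raw_path: str) -> str:
    """Escape control characters so one request is always exactly one line."""
    path = unquote(raw_path)
    path = path.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")
    return f"{client_ip} GET {path}"


if __name__ == "__main__":
    for name, payload in (("header injection", HEADER_INJECTION),
                          ("response splitting", RESPONSE_SPLIT)):
        parsed = parse_responses(build_redirect_vulnerable(payload))
        print(f"{name}: {len(parsed)} response(s) on the wire")
        for r in parsed:
            print("  ", r["status"], dict(r["headers"]), r["body"])
        print("  fixed handler rejects it:", fixed_rejects(payload))
    print(repr(access_log_line("203.0.113.5", LOG_FORGERY)))
    print(repr(access_log_line_fixed("203.0.113.5", LOG_FORGERY)))
```

The split payload works because the injected `Content-Length: 0` plus a blank line terminates the server's own response, so the 25-byte HTML that follows is delivered as a second, attacker-authored response; a caching proxy that pairs that second response with the next request on the connection is how this turns into stored XSS for other users.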
POC :-
http://theapp.bbcstudios.com:80/%0Acr...
To enrol in my cybersecurity and bug bounty course,
WhatsApp +91 82709 13635.
================
Connect with me:
================
🐦 Twitter: / karthithehacker
📸 Instagram: / karthithehacker
💼 LinkedIn: / karthikeyan--v
🌐 Website: https://www.karthithehacker.com/