Hello guys👋👋 In this article, I’m going to talk about methods for finding CRLF injection.
CRLF injection is a vulnerability that lets a malicious hacker inject carriage return (CR) and linefeed (LF) characters to change the way a web application works or to confuse its administrator. There are two main malicious uses for CRLF injections: log poisoning (also called log injection, log splitting, or log forging) and HTTP response splitting.
CR and LF are special characters of the ASCII table (13 and 10). They are also often referred to as \r\n after the escape codes of these two characters (\r = CR, \n = LF).
CR and LF are used (together or separately) to signify the end of a line (EoL) in operating systems and Internet protocols, including HTTP.
Attackers can use CRLF injections to escalate to other types of vulnerabilities, primarily cross-site scripting (XSS). CRLF injections can also be used in web apps to influence email behavior – this is called email injection (email header injection).
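The two main uses named above, log poisoning and HTTP response splitting, are shown here from the defender's side as an added example (not code from the original article), with each vulnerable form beside a hardened one. The function names and the sample inputs are constructed for illustration.

```python
import re

# CR (ASCII 13) and LF (ASCII 10), plus other characters some viewers treat as line breaks.
LINE_BREAKS = re.compile(r"[\r\n\x0b\x0c\x85\u2028\u2029]")

def naive_log_line(user: str) -> str:
    """Vulnerable form: request data is written to the log verbatim."""
    return f"login failed user={user}"

def safe_log_line(user: str) -> str:
    """Hardened form: line breaks are escaped, so one event stays one line."""
    escaped = LINE_BREAKS.sub(
        lambda m: m.group().encode("unicode_escape").decode("ascii"), user)
    return f"login failed user={escaped}"

def build_redirect(location: str, validate: bool) -> str:
    """Build a raw HTTP redirect; with validate=True, CR/LF in the value is rejected."""
    if validate and ("\r" in location or "\n" in location):
        raise ValueError("CR/LF not allowed in a header value")
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n"

def header_names(raw_response: str) -> list[str]:
    """Return header names as a client would parse them from the header block."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed inputs (not taken from any real system).
FORGED_USER = "bob\r\nlogin ok user=admin"
FORGED_LOCATION = "/home\r\nSet-Cookie: session=constructed"

if __name__ == "__main__":
    print(naive_log_line(FORGED_USER).splitlines())   # two log records
    print(safe_log_line(FORGED_USER).splitlines())    # one log record
    print(header_names(build_redirect(FORGED_LOCATION, validate=False)))
    try:
        build_redirect(FORGED_LOCATION, validate=True)
    except ValueError as exc:
        print("rejected:", exc)
```

Escaping suits logs because the original value stays readable for investigation; rejecting suits header values because no legitimate header value contains a line break.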