.png)
1 year ago
69 BOOK THIS SPACE FOR AD
ARTICLE ADAs a bug bounty hunter, I’m always on the lookout for security vulnerabilities that I can report to companies and earn rewards. Recently, I discovered a CRLF injection vulnerability on a popular website through the HackerOne platform, and in this blog post, I’m going to share how I found it and the impact it had.
First, let me explain what CRLF injection is. CRLF stands for “Carriage Return Line Feed”, which are special characters used to represent the end of a line in various protocols, including HTTP. An attacker can inject CRLF characters into an HTTP header, which can lead to various attacks, such as HTTP response splitting, cross-site scripting, and cookie manipulation.
During my bug bounty testing, I used my crlfi tool, I created this tool for the purpose of detect the CRLF injection Bug. You can install it on your machine by running the following command: “npm install crlfi -g”. It is supported on Windows, Mac, and Linux operating systems. To learn more about how to use it, please visit my Github repository “https://github.com/karthi-the-hacker/crlfi”.
After a few minutes of scanning, I was able to obtain a vulnerable output with the payload.
I noticed that the location header value was not properly sanitized, and I was able to inject CRLF characters into it using a simple payload like “%0d%0a” Example http://example.com/%0D%0ATest-Header:karthithehacker .
This allowed me to manipulate the server’s response and inject arbitrary content into it, such as fake headers or even JavaScript code.
To demonstrate the impact of the vulnerability, I created a proof of concept that injected a fake “Set-Cookie” header into the server’s response, which could be used to steal session cookies and perform session hijacking attacks. I reported the vulnerability to the company through the HackerOne platform, and they confirmed it and rewarded me with a bounty.
The lesson here is that even seemingly harmless headers can be vulnerable to CRLF injection, and it’s important to properly sanitize user input before using it in HTTP headers. As a bug bounty hunter, it’s also important to keep an eye out for these types of vulnerabilities, as they can have a significant impact on the security of a web application.
Tips:- Downgrade the HTTPS to HTTP and inject CRLF payloads
POC Video :
In conclusion, CRLF injection is a powerful technique that attackers can use to manipulate HTTP headers and perform various attacks. By understanding how it works and how to prevent it, we can help make the web a safer place for everyone.
Connect with me:
Twitter: https://twitter.com/karthithehacker
Instagram: https://www.instagram.com/karthithehacker/
LinkedIn: https://www.linkedin.com/in/karthikeyan--v/
Website: https://www.karthithehacker.com/
Github : https://github.com/karthi-the-hacker/
npmjs: https://www.npmjs.com/~karthithehacker
Youtube: https://www.youtube.com/karthithehacker
Thank you
Bengali (Bangladesh) · 
English (United States) ·