CRLF Injection Overview

CRLF Injection is typically used in HTTP Response Splitting. In the HTTP specification there is a spec stating that the HTTP header is to be split from the data portion of the packet. This formatting split is defined by a carriage return and line feed, or called a \r\n.

Basically by injection a \r\n somewhere in the HTTP header you can split an HTTP packet into 2 different packets. 1 packet will have the malicious payload, while the other packet holds the valid information. HTTP Response Splitting is a vulnerability in the HTTP spec and as such a web server or proxy server will need to know how to handle and protect against these types of attacks and vulnerabilities.

HTTP Response Splitting can lead to the follow types of vulnerabilites.

* XSS or Cross Site Sripting vulnerabilites
* Proxy and web server cache poisoning
* Web site defacement
* Hijacking the client’s session
* Client web browser poisoning

Explore More

How to Hack a Window XP Admins Password

This is a cool little computertrick for Microsoft Windows trick I’ve picked up in my travels and decided to share it with you fine and ethical individuals =). Log in

Read More

Batten down the Hatches—10-Minute Tactics

The simplest way to defend your computer quickly against hackers is to use a firewall. So let’s look at your two fastest options. Either can be done in 10 minutes.Turn

Read More

Hackers return fire at security patches

Hackers have hit back against major security patches issued by the likes of Microsoft, with a marked rise in self-installing robot programs that allow an unauthorised user to control a

Read More