CRLF Injection Overview

CRLF Injection is typically used in HTTP Response Splitting. In the HTTP specification there is a spec stating that the HTTP header is to be split from the data portion of the packet. This formatting split is defined by a carriage return and line feed, or called a \r\n.

Basically by injection a \r\n somewhere in the HTTP header you can split an HTTP packet into 2 different packets. 1 packet will have the malicious payload, while the other packet holds the valid information. HTTP Response Splitting is a vulnerability in the HTTP spec and as such a web server or proxy server will need to know how to handle and protect against these types of attacks and vulnerabilities.

HTTP Response Splitting can lead to the follow types of vulnerabilites.

* XSS or Cross Site Sripting vulnerabilites
* Proxy and web server cache poisoning
* Web site defacement
* Hijacking the client’s session
* Client web browser poisoning

Explore More

EC-Council Launches Center for Advanced Security Training (CAST)

EC-Council Launches Center for Advanced Security Training (CAST) to Address the Growing Need for Advanced Information Security Knowledge Mar 9, 2011, Albuquerque, NM – According to the report, Commission on

Google Talk Cheats

With Google Talk being all the craze right now, some people hating it, and others loving it, I figured that I would post a list of tips and tricks for

Hacked Information and Proof of Concept @ PlanetCreator.net

“Hacking” In this category, We’re going to post Hacker’s proof-of-concept. Unless you know how to hack, you can not defend yourself from hackers. We’ll know how hack hacks and how