CRLF Injection Overview

CRLF Injection is typically used in HTTP Response Splitting. In the HTTP specification there is a spec stating that the HTTP header is to be split from the data portion of the packet. This formatting split is defined by a carriage return and line feed, or called a \r\n.

Basically by injection a \r\n somewhere in the HTTP header you can split an HTTP packet into 2 different packets. 1 packet will have the malicious payload, while the other packet holds the valid information. HTTP Response Splitting is a vulnerability in the HTTP spec and as such a web server or proxy server will need to know how to handle and protect against these types of attacks and vulnerabilities.

HTTP Response Splitting can lead to the follow types of vulnerabilites.

* XSS or Cross Site Sripting vulnerabilites
* Proxy and web server cache poisoning
* Web site defacement
* Hijacking the client’s session
* Client web browser poisoning

Explore More

Critical SQL Injection in Yadanapura : The Gateway to Myanmar Creative Industries

PlanetCreator has reported another critical SQL Injection (vulnerability) on Yadanapura : The Gateway to Myanmar Creative Industries http://www.yadanapura.com powered by IndexMyanmar This vulnerability has been alerted to :- [email protected] SQL

Read More

[Tut/Sources] References to poly/meta/permutation

Articles: Polymorphic engines – Trigger – SLAM #4 Code: http://vx.netlux.org/lib/static/vdat/tupoleng.htm Polymorphism ant Intel instruction format – LiTlLe VxW – 29A #7 Code: http://vx.netlux.org/29a/29a-7/Articles/29A-7.027 Guide to improving Polymorphic Engines – Rogue

Read More

How to create botnet?

The tutorial includes how to install a ircd, how to compile a bot & ways to spread. “Chapters” 1. What is needed 2. How to configure an (unreal)ircd 3. How

Read More