CRLF Injection Overview

CRLF Injection is typically used in HTTP Response Splitting. In the HTTP specification there is a spec stating that the HTTP header is to be split from the data portion of the packet. This formatting split is defined by a carriage return and line feed, or called a \r\n.

Basically by injection a \r\n somewhere in the HTTP header you can split an HTTP packet into 2 different packets. 1 packet will have the malicious payload, while the other packet holds the valid information. HTTP Response Splitting is a vulnerability in the HTTP spec and as such a web server or proxy server will need to know how to handle and protect against these types of attacks and vulnerabilities.

HTTP Response Splitting can lead to the follow types of vulnerabilites.

* XSS or Cross Site Sripting vulnerabilites
* Proxy and web server cache poisoning
* Web site defacement
* Hijacking the client’s session
* Client web browser poisoning

Explore More

Bruter version 1.0

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety

Read More

Hacking

Hacking is an unauthorized access of computers and networks. It is the act of piercing computer systems gaining knowledge of the systems and the learning of how it works. The

Read More

Weapons lab hacker escapes jail

A British schoolboy hacker has narrowly escaped jail after sparking a nuclear panic by keying into a top secret American weapons laboratory. Joseph McElroy, who was instead ordered to serve

Read More