Quick Overview: CRLF Injection Attack
This post explains CRLF injection and the prevention techniques that mitigate this vulnerability.
What is CRLF Injection?
CRLF, short for Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n), is the character pair used to signify End of Line (EOL); its primary function is to terminate a line. HTTP uses CRLF to separate the status line and each response header, which is why an unexpected CRLF inside a header value changes the structure of the response.
A CRLF injection attack occurs when an attacker can place CR and LF characters into a web application's input and the application then emits them into its output, such as HTTP headers or log entries. The attack is considered a server-side injection at the application layer.
By exploiting a CRLF vulnerability, an attacker may escalate to the following attacks:
- Cross-Site Scripting (XSS)
- Web Cache Poisoning
- Page Injection
- Cache based defacement
Use Cases of CRLF Injection attacks
- HTTP Response Splitting
- Log Splitting
How to test for CRLF Injection?
A CRLF injection test is performed by tampering with HTTP parameters: submit a value that contains CR and LF characters and check whether they are reflected unchanged into the application's response headers or logs.
Mitigation techniques for CRLF Injection
- Never trust user-supplied input.
- If user-supplied input is submitted to the application, sanitize it first to remove illegal elements such as CR and LF characters.
- Keep libraries and program files up to date.
- Encode data before placing it into HTTP headers.
- Disable unnecessary headers in the web server.
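The test described above and the "sanitize before placing into headers" mitigation, as an added example that is not part of the original post. The redirect scenario, the Location header, and the sample parameter value are constructed assumptions: the script builds a response with the untrusted value copied verbatim, shows how a receiver parses the extra header out of it, and then builds the same response with a check that refuses CR and LF.

```python
import re
from urllib.parse import unquote

# Constructed sample input: a redirect target submitted as a URL parameter.
# %0D%0A is the URL-encoded CRLF pair; the framework decodes it before the
# application sees it, so the value carries a real line break.
TAINTED_PARAM = "https://example.com/%0D%0ASet-Cookie:%20sid=injected"

CRLF_RE = re.compile(r"[\r\n]")


def build_response_unsafe(location: str) -> bytes:
    """Vulnerable pattern: untrusted value copied verbatim into a header."""
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Reads the response the way a client or proxy would (headers only)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def contains_crlf(raw_param: str) -> bool:
    """Test step: decode the raw parameter and check for CR or LF."""
    return bool(CRLF_RE.search(unquote(raw_param)))


def build_response_safe(location: str) -> bytes:
    """Mitigation: refuse header values that contain CR or LF."""
    if CRLF_RE.search(location):
        raise ValueError("CR/LF not allowed in header value")
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode("latin-1")


def demo() -> tuple:
    """Returns (header was injected via unsafe builder, safe builder blocked it)."""
    decoded = unquote(TAINTED_PARAM)
    injected = "set-cookie" in parse_headers(build_response_unsafe(decoded))
    try:
        build_response_safe(decoded)
        blocked = False
    except ValueError:
        blocked = True
    return injected, blocked


if __name__ == "__main__":
    print(demo())  # (True, True)
```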
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.