Shulou(Shulou.com)06/01 Report--

CRLF is the abbreviation of "enter + newline" (\ r\ n). In the HTTP protocol, HTTP Header and HTTP Body are separated by two CRLF, and the browser is based on these two CRLF (tested with payload% 0a%0d%0a%0d) to extract the HTTP content and display it. So, once we can control the characters in the HTTP header and inject some malicious line breaks, we can inject some session Cookie (http://www.xx.com%0a%0d%0a%0dSet-cookie:JSPSESSID%3Dxxx) or HTML code (http://www.xx.com/?url=%0a%0d%0a%0d)

), so CRLF Injection is also called HTTP Response Splitting, or HRS for short.

Repair recommendations:

Filter newline characters such as\ r and\ n to avoid contamination of input data to other HTTP headers.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.