CRLF Injection - Complete Bug Bounty Handbook

The term CRLF refers to Carriage Return (ASCII 13, \r) followed by Line Feed (ASCII 10, \n). Together they mark the end of a line, but today's popular operating systems treat them differently.

For example, Windows requires both a CR and an LF to mark the end of a line, whereas Linux/UNIX requires only an LF. In the HTTP protocol, the CRLF sequence is always used to terminate a line.

A CRLF injection attack occurs when a user manages to submit a CRLF sequence into an application, most commonly by modifying an HTTP parameter or URL. Because HTTP separates headers with CRLF, an injected sequence that reaches a response header lets the attacker terminate that header early and append headers or body content of their own, which is why the vulnerability is often referred to as HTTP response splitting.


CRLF Injection Payload
CRLF Injection Payloads 👉 %0D%0A  
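The following is an added example, not code from the handbook, showing how the %0D%0A payload above turns a single Location header into two headers when a redirect handler copies a decoded parameter straight into the response, together with a hardened handler that rejects line terminators and a small detection helper. The handler names, the `next` parameter and the sample payload are assumptions constructed for this illustration.

```python
from urllib.parse import unquote


class HeaderInjection(ValueError):
    """Raised when a header value would contain a line terminator."""


def build_redirect_unsafe(next_url):
    # Hypothetical vulnerable handler: the ?next= value arrives
    # percent-encoded, is decoded, and is copied verbatim into the
    # Location header. A decoded %0D%0A becomes a real CRLF here.
    target = unquote(next_url)
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {target}\r\n"
            "Content-Length: 0\r\n"
            "\r\n").encode("latin-1")


def build_redirect_safe(next_url):
    # Hardened handler: a header value can never legitimately contain
    # CR, LF or NUL, so refuse the request instead of trying to encode
    # the characters after the fact.
    target = unquote(next_url)
    if any(ch in target for ch in "\r\n\0"):
        raise HeaderInjection("line terminator in header value")
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {target}\r\n"
            "Content-Length: 0\r\n"
            "\r\n").encode("latin-1")


def parse_headers(raw):
    """Split the header block the way a client does: one header per CRLF."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # drop the status line
    return [tuple(line.split(": ", 1)) for line in lines if ": " in line]


def injected_headers(raw, expected):
    """Detection aid: header names the handler never sets but the client sees."""
    return [name for name, _ in parse_headers(raw) if name not in expected]


# Constructed sample: the page's %0D%0A payload followed by an attacker header.
SAMPLE_PAYLOAD = "/home%0D%0ASet-Cookie:%20session=attacker"
EXPECTED_HEADERS = {"Location", "Content-Length"}
```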

Vulnerability Threat Classification
Attack Category 👉 High

Exploitation Examples

HackerOne Reports for Practicals
HTTP Response Splitting 👉 https://hackerone.com/reports/446271 
HTTP Response Splitting 👉 https://hackerone.com/reports/53843
HTTP Response Splitting 👉 https://hackerone.com/reports/52042
CRLF Injection 👉 https://hackerone.com/reports/237357
CRLF Injection 👉 https://hackerone.com/reports/858650
