CRLF Injection - Complete Bug Bounty Handbook
The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems.
For example: in Windows, both a CR and LF are required to note the end of a line, whereas, In Linux/UNIX, LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line.
A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
CRLF Injection Payload
CRLF Injection Payloads 👉 %0D%0A
Vulnerability Threat Classification
Attack Category 👉 High
Exploitation Examples



