Anukul Dhuriya Profile picture
Mar 25 4 tweets 2 min read
Vulnexp 90 | Day68

CRLF Injection

CRLF is a type of web-based attack that allows an attacker to inject malicious code or unwanted data into the HTTP response of a web application.

➡️Vulnerabilities Occur:

#bugbountytips #bugbountytip

Thread 🧵 : 👇
Vulnerabilities Occur:

• CRLF can occur when a web application fails to properly sanitize user-supplied input or validate input parameters. Specifically, they can occur in any part of the HTTP response that accepts user input, including HTTP headers, cookies, and form input.
• For example, an attacker can insert a CRLF sequence into an HTTP header to inject additional headers or modify the response. Alternatively, they may use CRLF to inject malicious code, such as JavaScript, into the response body, leading to cross-site scripting (XSS) attacks.
• CRLF can be particularly dangerous when they are combined with other vulns, such as SQL injection or file inclusion vulns. In such cases, an attacker may be able to inject CRLF sequences to execute arbitrary commands or even gain access to sensitive files on the server.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Anukul Dhuriya

Anukul Dhuriya Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @AnukulHexx

Mar 26
Vulnexp 90 | Day69

CRLF Areas to Inspect

➡️Areas to Inspect:

#bugbountytips #bugbountytip

Thread 🧵 : 👇 Image
Areas to Inspect:

• HTTP Headers: CRLF Injection attacks can occur in HTTP headers, such as the "User-Agent" or "Referer" headers. Attackers can insert CRLF sequences into these headers to inject additional headers or modify the response.
• Cookies: Cookies are often used to store user session information, and they can also be vulnerable to CRLF Injection attacks. An attacker can insert CRLF sequences into a cookie value to modify the response or inject additional headers.
Read 6 tweets
Mar 10
Vulnexp 90 | Day53

➡️Insecure deserialization

when an attacker manipulates the way that HTTP requests are interpreted by a web server or a proxy server.

#bugbountytips #bugbountytip

Thread 🧵 : 👇
• Insecure deserialization is a type of vulnerability that can occur in applications that involve the serialization and deserialization of data.

• Serialization is the process of converting an object , data structure into a format that can be transmitted or stored.
• XML, or binary data. Deserialization is the process of converting the serialized data back into an object or data structure.

• When an application receives serialized data, it may deserialize it to reconstruct the original object or data structure. However,
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(