• HTTP Headers: CRLF injection attacks can occur through HTTP headers such as "User-Agent" or "Referer". If the application copies these values into its response, an attacker can insert CRLF sequences into them to inject additional headers or otherwise modify the response.
Mar 25, 2023 • 4 tweets • 2 min read
Vulnexp 90 | Day68
CRLF Injection
CRLF injection is a type of web-based attack that allows an attacker to inject malicious code or unwanted data into the HTTP response of a web application.
• CRLF injection can occur when a web application fails to properly sanitize user-supplied input or validate input parameters. Specifically, it can occur in any part of the HTTP response that reflects user input, including HTTP headers, cookies, and form input.
Mar 10, 2023 • 7 tweets • 2 min read
Vulnexp 90 | Day53
➡️ Insecure deserialization
when an attacker manipulates the way that HTTP requests are interpreted by a web server or a proxy server.
• Insecure deserialization is a type of vulnerability that can occur in applications that involve the serialization and deserialization of data.
• Serialization is the process of converting an object or data structure into a format that can be transmitted or stored.