CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF?


What is CRLF?

  • Log Splitting: The attacker inserts an end-of-line character and an extra line to falsify log file entries, deceiving system administrators and hiding other attacks.
  • HTTP Response Splitting: CRLF injection is used to add HTTP headers to the HTTP response and, for example, perform an XSS attack that leads to information disclosure.
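Both cases in the list above have the same root cause: a request value is decoded and written into a line-oriented format without CR/LF being neutralised. The following is an added example, not code from the original post; the function names and the redirect scenario are hypothetical. It shows a response builder that can be split, next to a hardened one and a log-field escaper:

```python
import re
from urllib.parse import unquote

# CR, LF and every other ASCII control character (tab included, to stay strict)
# must never reach a header line or a log line.
_CTL = re.compile(r"[\x00-\x1f\x7f]")

def build_response_naive(location):
    """'Before' form: the decoded request value is copied into a header as-is."""
    return f"HTTP/1.1 302 Found\r\nLocation: {unquote(location)}\r\n\r\n".encode()

def safe_header_value(raw):
    """Decode once, then refuse any value that contains a control character."""
    value = unquote(raw)
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value

def build_response_safe(location):
    """Hardened form: the value is validated before it is placed in the header."""
    return f"HTTP/1.1 302 Found\r\nLocation: {safe_header_value(location)}\r\n\r\n".encode()

def safe_log_field(raw):
    """Escape control characters so one request always produces one log line."""
    return _CTL.sub(lambda m: f"\\x{ord(m.group()):02x}", unquote(raw))

def header_names(response):
    """Return the header names a client would parse from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0].decode()
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample input, reusing the Set-Cookie header shown on this page.
SAMPLE = "/home%0d%0aSet-Cookie:%20crlf=attack"

if __name__ == "__main__":
    # The naive builder emits two headers although the application set only one.
    print(header_names(build_response_naive(SAMPLE)))
    try:
        build_response_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
    # The escaped field stays on a single log line.
    print("GET " + safe_log_field(SAMPLE))
```
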

How was I able to find the CRLF?

▶ crlfuzz -u "http://target"

Cookie bomb

Set-Cookie: bomb=1
Set-Cookie: bomb=2
Set-Cookie: bomb=3
…
Set-Cookie: bomb=10000

Cloudflare WAF block

Set-Cookie: crlf=attack
