Vulnerability Development mailing list archives
Re: CRLF Injection
From: Justin Case <weaver27 () earthlink net>
Date: Thu, 09 May 2002 06:37:46 -0700
Ulf Harnhammar wrote:
we can redirect to a site while setting a cookie by giving $url the value "http://www.kuro5hin.org/\015\012Set-Cookie: evil=natas". If the cookie contains important data and one user can save URL's that another user will be redirected to, this can be serious.
While doing a pentest for a major banking website, I showed them how an attacker could use this technique to set a permanent cookie to an invalid value, resulting in a permanant DOS against every user that encountered the attack. They finally understood what I was saying when I locked up a manager's browser and he couldn't get into his own site until I deleted his bad cookie. But they still felt it would be too much work to fix it.
Current thread:
- CRLF Injection Ulf Harnhammar (May 08)
- Buffer Overflow Discovery Brett Moore (May 08)
- Re: CRLF Injection Justin Case (May 09)