6 Carriage Return Line Feed Injection


Some vulnerabilities allow users to input encoded characters that have special meanings in HTML and HTTP responses. Normally, applications sanitize these characters when they are included in user input to prevent attackers from maliciously manipulating HTTP messages, but in some cases, applications either forget to sanitize input or fail to do so properly. When this happens, servers, proxies, and browsers may interpret the special characters as code and alter the original HTTP message, allowing attackers to manipulate an application’s behavior.

Two examples of encoded characters are %0D and %0A, which represent ...
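The header splitting the chapter describes, as an added example that is not from the book: a redirect builder that copies a decoded value into the Location header verbatim, beside a hardened version that rejects control characters. The sample target and all function names are constructed for this illustration.

```python
from urllib.parse import unquote

# Constructed sample: a redirect target that arrives URL-encoded in a query
# string. %0D%0A decodes to "\r\n", the terminator HTTP uses between headers.
SAMPLE_TARGET = "/home%0D%0AX-Injected:%20yes"

def build_redirect_naive(location: str) -> bytes:
    """Vulnerable form: the decoded value is copied straight into the header."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

def build_redirect_safe(location: str) -> bytes:
    """Hardened form: refuse any control character before it reaches the wire."""
    if any(ord(c) < 0x20 or c == "\x7f" for c in location):
        raise ValueError("control character in header value")
    return build_redirect_naive(location)

def header_names(raw: bytes) -> list[str]:
    """Return the header names a receiver would parse from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("latin-1")
            for line in head.split(b"\r\n")[1:] if b":" in line]

def demo() -> tuple[list[str], bool]:
    """Show the extra header the naive builder emits, and that the safe one refuses it."""
    decoded = unquote(SAMPLE_TARGET)          # "/home\r\nX-Injected: yes"
    names = header_names(build_redirect_naive(decoded))
    try:
        build_redirect_safe(decoded)
        rejected = False
    except ValueError:
        rejected = True
    return names, rejected

if __name__ == "__main__":
    print(demo())  # (['Location', 'X-Injected', 'Content-Length'], True)
```

A receiver parsing the naive response sees three headers instead of two, which is exactly the altered message the text refers to; the hardened builder turns the same input into an error before anything is sent.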
