6 CARRIAGE RETURN LINE FEED INJECTION


Some vulnerabilities allow users to input encoded characters that have special meanings in HTML and HTTP responses. Normally, applications sanitize these characters when they appear in user input so that attackers cannot manipulate HTTP messages, but in some cases applications either forget to sanitize input or fail to do so properly. When this happens, servers, proxies, and browsers may interpret the special characters as control characters rather than data and alter the structure of the original HTTP message, allowing attackers to manipulate an application's behavior.
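To make the mechanism concrete, here is an added example (not code from the book) showing why an unsanitized value is dangerous once it reaches a header and how a defender checks for it. It assumes a hypothetical application that reflects a decoded query parameter into a Location header; the constructed input, the header names, and the helper function names are all assumptions for illustration.

```python
from urllib.parse import unquote

# Constructed sample input: a URL-decoded query value that contains %0D%0A,
# i.e. the carriage return and line feed characters an HTTP parser treats as
# the boundary between one header line and the next.
CONSTRUCTED_INPUT = unquote("en%0D%0AX-Injected:%20yes")


def build_location_header_unsafe(lang: str) -> str:
    """Naive concatenation: the decoded CR/LF goes straight into the header."""
    return f"Location: /home?lang={lang}"


def parse_header_block(raw: str) -> list[tuple[str, str]]:
    """Minimal header-block parser, the way a server or proxy would read it:
    split on CRLF, then split each line into name and value."""
    headers = []
    for line in raw.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def contains_crlf(value: str) -> bool:
    """Defender's check: a header value must never carry a CR or LF."""
    return "\r" in value or "\n" in value


def build_location_header_safe(lang: str) -> str:
    """Reject the value outright; refusing is safer than trying to repair it."""
    if contains_crlf(lang):
        raise ValueError("CR/LF in header value rejected")
    return f"Location: /home?lang={lang}"


def strip_crlf(value: str) -> str:
    """Alternative mitigation: strip the control characters before use."""
    return value.replace("\r", "").replace("\n", "")


if __name__ == "__main__":
    # The unsafe builder produces two header lines where one was intended.
    print(parse_header_block(build_location_header_unsafe(CONSTRUCTED_INPUT)))
    # The safe builder refuses the same input.
    try:
        build_location_header_safe(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
    # Stripping leaves a single, well-formed header.
    print(parse_header_block(build_location_header_safe(strip_crlf(CONSTRUCTED_INPUT))))
```

The key observation is in `parse_header_block`: a single value that contains CR and LF is read back as two headers, which is exactly the "alter the original HTTP message" behaviour described above. Rejecting such values (or, where rejection is not an option, stripping the two characters) at the point where user input is placed into a header is the mitigation; most modern HTTP libraries already do this, so the defect usually appears in hand-rolled header construction.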

Two examples of encoded characters are %0D and %0A, which represent ...
