This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "CRLF Injection"
(→Related Attacks: Added Log Injection) (Tag: Visual edit) |
|||
(4 intermediate revisions by 2 users not shown) | |||
Line 6: | Line 6: | ||
==Description== | ==Description== | ||
− | The term CRLF refers to '''C'''arriage '''R'''eturn (ASCII 13, \r) '''L'''ine '''F'''eed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. | + | The term CRLF refers to '''C'''arriage '''R'''eturn (ASCII 13, \r) '''L'''ine '''F'''eed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line. |
− | A CRLF Injection attack occurs when a user | + | A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL. |
==Risk Factors== | ==Risk Factors== | ||
Line 15: | Line 15: | ||
==Examples== | ==Examples== | ||
− | Depending on how the application is developed this can be a minor problem or a fairly serious security flaw. | + | Depending on how the application is developed, this can be a minor problem or a fairly serious security flaw. Let's look at the latter because this is after all a security related post. |
− | Let's assume a file is used at some point to read/write data to | + | Let's assume a file is used at some point to read/write data to a log of some sort. If an attacker managed to place a CRLF then can then inject some sort of read programmatic method to the file. This could result in the contents being written to screen on the next attempt to use this file. |
− | |||
− | |||
+ | Another example is the "response splitting" attacks, where CRLFs are injected into an application and included in the response. The extra CRLFs are interpreted by proxies, caches, and maybe browsers as the end of a packet, causing mayhem. | ||
==Related [[Attacks]]== | ==Related [[Attacks]]== | ||
− | * [[ | + | * [[HTTP Response Splitting]] |
− | * [[ | + | * [[Log Injection]] |
Line 50: | Line 49: | ||
[[Category:FIXME|add links | [[Category:FIXME|add links | ||
− | |||
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki> | In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki> | ||
Availability Vulnerability | Availability Vulnerability | ||
− | |||
Authorization Vulnerability | Authorization Vulnerability | ||
− | |||
Authentication Vulnerability | Authentication Vulnerability | ||
− | |||
Concurrency Vulnerability | Concurrency Vulnerability | ||
− | |||
Configuration Vulnerability | Configuration Vulnerability | ||
− | |||
Cryptographic Vulnerability | Cryptographic Vulnerability | ||
− | |||
Encoding Vulnerability | Encoding Vulnerability | ||
− | |||
Error Handling Vulnerability | Error Handling Vulnerability | ||
− | |||
Input Validation Vulnerability | Input Validation Vulnerability | ||
− | |||
Logging and Auditing Vulnerability | Logging and Auditing Vulnerability | ||
− | |||
Session Management Vulnerability]] | Session Management Vulnerability]] | ||
__NOTOC__ | __NOTOC__ | ||
− | |||
[[Category:OWASP ASDR Project]] | [[Category:OWASP ASDR Project]] | ||
[[Category:Vulnerability]] | [[Category:Vulnerability]] | ||
[[Category:Implementation]] | [[Category:Implementation]] |
Latest revision as of 16:50, 14 March 2018
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 03/14/2018
Vulnerabilities Table of Contents
Description
The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line.
A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.
Risk Factors
TBD
Examples
Depending on how the application is developed, this can be a minor problem or a fairly serious security flaw. Let's look at the latter because this is after all a security related post.
Let's assume a file is used at some point to read/write data to a log of some sort. If an attacker managed to place a CRLF then can then inject some sort of read programmatic method to the file. This could result in the contents being written to screen on the next attempt to use this file.
Another example is the "response splitting" attacks, where CRLFs are injected into an application and included in the response. The extra CRLFs are interpreted by proxies, caches, and maybe browsers as the end of a packet, causing mayhem.
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
TBD