CRLF Injection Defined
Key Concepts of CRLF Injection
- XSS or Cross-Site Scripting vulnerabilities
- Proxy and web server cache poisoning
- Website defacement
- Hijacking the client's session
- Client web browser poisoning
Explaining CRLF Injection Through Examples
Preventing CRLF Injections
- Always follow the rule of never trusting user input.
- Sanitize and neutralize all user-supplied data, or properly encode output placed in HTTP headers that would otherwise be visible to users, to prevent the injection of CRLF sequences and its consequences.
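
The two measures above, shown as an added example that is not part of the original page: a header builder that concatenates user data directly, beside one that rejects CR/LF and other control characters, plus percent-encoding for values placed in a `Location` header. The function names and the sample input are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# CR, LF and other control characters that must never reach a header line
# (horizontal tab, 0x09, is legal inside a field value and is left alone).
_CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# Header names are HTTP "tokens": no spaces, colons or control characters.
_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")

# Constructed sample: a "language" parameter carrying an embedded CRLF.
SAMPLE_INPUT = "en\r\nX-Injected: constructed"


def naive_header(name: str, value: str) -> bytes:
    """Weak form: user data is concatenated straight into the header line."""
    return f"{name}: {value}\r\n".encode("latin-1")


def safe_header(name: str, value: str) -> bytes:
    """Hardened form: refuse names and values that could end the line early."""
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid header name")
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return f"{name}: {value}\r\n".encode("latin-1")


def encode_for_location(path: str) -> str:
    """Output encoding: CR/LF become %0D%0A, which is inert inside a header."""
    return quote(path, safe="/?&=:")


def count_header_lines(raw: bytes) -> int:
    """Number of header lines a receiver would see in the serialized bytes."""
    return len([line for line in raw.split(b"\r\n") if line])


if __name__ == "__main__":
    # The weak builder emits two header lines from one user-supplied value.
    print(count_header_lines(naive_header("Content-Language", SAMPLE_INPUT)))
    try:
        safe_header("Content-Language", SAMPLE_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
    print(encode_for_location("/home\r\nX-Injected: 1"))
```

Rejecting the request is the stricter choice; encoding is appropriate only where the receiving side is expected to decode the value, as with a URL path.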