OWOX, Inc.: HTTP Response Splitting (CRLF injection) in bi.owox.com

2016-09-23T15:19:39
ID H1:171473
Type hackerone
Reporter quistertow
Modified 2016-12-20T20:35:20

Description

Hello, I found a CRLF injection vulnerability in bi.owox.com

> More about HTTP response splitting: https://www.owasp.org/index.php/Testing_for_HTTP_Splitting/Smuggling_(OTG-INPVAL-016)

POC (Burp)

> Adding a new header with %0d%0a

{F122461}

Regards, Florin
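
The following is an added example, not part of the original report and not OWOX code. It shows why a percent-decoded `%0d%0a` reflected into a response header starts a new header line, and a server-side check that rejects it. The `Location` header, the function names and the sample value are assumptions made for illustration; the report does not say which header or parameter was affected.

```python
from urllib.parse import unquote

# Constructed sample input: an encoded CR LF followed by an extra header line.
SAMPLE = "/dashboard%0d%0aX-Injected:%20yes"

def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable pattern: decoded input is copied straight into a header line."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {unquote(target)}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def safe_header_value(raw: str) -> str:
    """Decode until stable, then refuse CR, LF and any other control character."""
    value = raw
    for _ in range(5):  # bounded loop so double encoding (%250d) is also caught
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    return value

def build_redirect_safe(target: str) -> bytes:
    """Hardened pattern: the value is validated before it reaches the header."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {safe_header_value(target)}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def header_names(response: bytes) -> list[str]:
    """Return the header names a client would parse from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(SAMPLE)))   # extra header appears
    try:
        build_redirect_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

Most current web frameworks and HTTP libraries already refuse CR and LF in header values; the check matters wherever a response is assembled by hand or by an older stack.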