Lucene search
Yashrk0787215AFC7-9133-4749-8E8E-0569317DBD55HistoryFeb 17, 2022 - 12:48 p.m.
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/
2022-02-1712:48:13
yashrk078
www.huntr.dev
11
crlf injection
stack trace exposure
filtering lack
information disclosure
backend laravel technology
routing path
attack vector escalation
vulnerability
EPSS
0.032
Percentile
91.4%
Description
The Introduction of a New Line Character lets the attacker the stack trace at demo.microweber.org/
This Attack becomes more significant because of its Less complication.
The Stack trace discloses following information :
- Backend Response code.
- The Versions of Backend Laravel technology.
- The Routing Path
Proof of Concept
- Visit the following URL :
https://demo.microweber.org/demo/api/logout?redirect_to= - Now Add the CRLF payload to the parameter. It will look like this :
https://demo.microweber.org/demo/api/logout?redirect_to=xyz%0d%0axyz
Impact
This vulnerability is capable of disclosing sensitive stack trace exposed by the back-end which will let the attacker escalate his/her attack vector.
I Hope you understand this issue and Fix it as soon as possible.
Thank you.
Related
cve
cve
CVE-2022-0666
2022-02-18 15:15:07
veracode
veracode
CRLF Injection
2022-02-21 06:54:56
osv
osv
CRLF Injection in microweber
2022-02-19 00:01:35
CVE-2022-0666
2022-02-18 15:15:07
prion
prion
Crlf injection
2022-02-18 15:15:00
nvd
nvd
CVE-2022-0666
2022-02-18 15:15:07
github
github
CRLF Injection in microweber
2022-02-19 00:01:35
cvelist
cvelist
nuclei
nuclei
Microweber < 1.2.11 - CRLF Injection
2024-05-31 08:31:21