CRLF Injection

Disclosed: 2014-08-07 14:13:27 By bigbear To khanacademy
Unknown
Vulnerability Details
It is possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may lead to vulnerabilities like XSS (cross-site scripting) or session fixation.

PoC: https://crowdin.khanacademy.org/page/in-context-localization?email=%0d%0a%20InjectedBy:BigBear
Report Stats
  • Report ID: 13314
  • State: Closed
  • Substate: informative
  • Upvotes: 2
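
The header splitting described in the report, as an added example that is not part of the original report or of the affected site's code: it decodes the PoC's `email` value and contrasts a header builder that concatenates it with one that rejects CR, LF and NUL. The `Set-Cookie` target header and all function names are assumptions, since the report does not say which response header reflects the value.

```python
from urllib.parse import parse_qs

# Query string taken from the report's PoC URL.
POC_QUERY = "email=%0d%0a%20InjectedBy:BigBear"

# Characters that must never reach a header value.
FORBIDDEN = ("\r", "\n", "\x00")


def email_param(query):
    """Return the percent-decoded 'email' parameter, as a web framework would."""
    return parse_qs(query, keep_blank_values=True).get("email", [""])[0]


def unsafe_header_block(email):
    """Vulnerable pattern: decoded input concatenated straight into a header.
    Set-Cookie is an assumed reflection point, not taken from the report."""
    return f"Set-Cookie: email={email}\r\nContent-Type: text/html\r\n\r\n"


def safe_header_block(email):
    """Hardened pattern: refuse any value that could end the header line."""
    if any(ch in email for ch in FORBIDDEN):
        raise ValueError("CR, LF or NUL in header value")
    return f"Set-Cookie: email={email}\r\nContent-Type: text/html\r\n\r\n"


def header_names(block):
    """Split the header block on CRLF and list each line's field name.
    Leading whitespace is stripped; some parsers would instead treat a line
    that starts with a space as a continuation of the previous header."""
    head = block.split("\r\n\r\n", 1)[0]
    return [ln.split(":", 1)[0].strip() for ln in head.split("\r\n") if ":" in ln]


if __name__ == "__main__":
    value = email_param(POC_QUERY)
    print("decoded value:", repr(value))
    print("unsafe block lines:", header_names(unsafe_header_block(value)))
    try:
        safe_header_block(value)
    except ValueError as exc:
        print("safe builder rejected input:", exc)
```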