HTTP Response Splitting (CRLF injection) in bi.owox.com

Disclosed: 2016-12-20 20:35:20 By quistertow To owox
Unknown
Vulnerability Details
Hello,

I found a CRLF injection vulnerability in bi.owox.com

> More about HTTP response splitting https://www.owasp.org/index.php/Testing_for_HTTP_Splitting/Smuggling_(OTG-INPVAL-016)

**POC (Burp)**

> Adding a new header with `%0d%0a`

{F122461}

Regards,
Florin
Report Stats
  • Report ID: 171473
  • State: Closed
  • Substate: resolved
  • Upvotes: 12