During a recent Chariot customer pilot we identified an interesting method to bypass the cross-site scripting (XSS) filtering functionality within the Akamai Web Application Firewall (WAF) solution. Chariot had identified a Carriage Return and Line Feed (CRLF) injection vulnerability during an automated scan, and we discovered the bypass during our exploitation phase. In this article, our goals are to explain some of the risks associated with CRLF injection as well as discuss the technique we leveraged to bypass the Akamai WAF filtering.

Please note that while we use as the vulnerable application within this article, the site itself wasn’t actually vulnerable to CRLF injection. Instead, we have substituted for the customer domain and redacted other potentially identifying information. This allows us to include details on technique without exposing any information that could be linked to the customer network environments. In some cases, we provide simulated screenshots to show what we would have observed when performing the attack, and have manually recreated the scenario using to avoid exposing sensitive information.

We also do not intend for this article to single out Akamai in particular. Rather, we suspect that attackers could use similar bypass techniques against just about every web application firewall product on the market.

What is a CRLF injection vulnerability?

First, let’s discuss a bit more about what a CRLF injection vulnerability is and why it could be useful to an attacker.