Submit #813730: SourceCodester SourceCodester KLiK Social Media Website v1.0.1 CRLF Injectioninfo

TitleSourceCodester SourceCodester KLiK Social Media Website v1.0.1 CRLF Injection
DescriptionHTTP header injection (CRLF injection) was discovered in the page parameter of dbh.inc.php and delete-forum.php. During security testing, it was found that unauthenticated attackers (with a valid user session and level 1 privileges) can inject CRLF sequences into the Location header, leading to HTTP response splitting, session fixation, and cross-site scripting (XSS). Example malicious request: GET /includes/dbh.inc.php?id=1&page=forum%0d%0aSet-Cookie:%20session=Hijacked%0d%0aX-IGNORE: HTTP/1.1 Host: target.com Cookie: PHPSESSID=valid_session
Source⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite
User
 g111 (UID 92409)
Submission04/27/2026 03:54 (3 months ago)
Moderation05/24/2026 08:52 (27 days later)
StatusDuplicate
VulDB entry365401 [KLiK SocialMediaWebsite 1.0 HTTP GET Request Parameter injection]
Points0

Do you know our Splunk app?

Download it now for free!