| 标题 | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 CRLF Injection |
|---|
| 描述 | HTTP header injection (CRLF injection) was discovered in dbh.inc.php during security testing. By manipulating the blog parameter in HTTP GET requests, an unauthenticated attacker can inject CRLF sequences into the Location response header. This allows the attacker to perform HTTP response splitting, set arbitrary cookies (session fixation), or inject malicious scripts (XSS) into the victim's browser.
Identify a vulnerable endpoint where blog parameter reflects into Location header.
Craft a malicious GET request with CRLF characters encoded as %0d%0a:
GET /includes/dbh.inc.php?blog=1%0d%0aSet-Cookie:%20session=evil%0d%0aX-IGNORE: HTTP/1.1
The server responds with an injected Set-Cookie header.
For XSS, inject %0d%0a%0d%0a followed by JavaScript:
GET /includes/dbh.inc.php?blog=1%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E
The browser parses the injected response and executes the script. |
|---|
| 来源 | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| 用户 | g111 (UID 92409) |
|---|
| 提交 | 2026-04-27 03時45分 (1 月前) |
|---|
| 管理 | 2026-05-24 08時52分 (27 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 365401 [KLiK SocialMediaWebsite 1.0 HTTP GET Request Parameter 权限提升] |
|---|
| 积分 | 20 |
|---|