CRLF Injection Define

CRLF Injection
CRLF Injection

CRLF Injection defines as CR (Carriage Return) and LF (Line Feed).

CRLF Injection is a one of types of Web injection attacks. By exploiting the CRLF injection flaw in an HTTP response.

They’re used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems.

CRLF Injection Example

In Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is only required. In the HTTP protocol, the CR-LF sequence is always used to terminate a line.

Cyber attackers can modify the application data, compromising integrity and enabling the exploitation of another vulnerabilities such as Cross Site Scripting (XSS), Web Page injection, Web server cache poisoning, Website defacement and more.

A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

Also Read: Javascript Injection Impact

How To Fix?

  • You should always use a function to encode the CR and LF special characters.
  • Strip any newline characters before passing content into the HTTP header.
  • Encode the data that you pass into HTTP headers. This will effectively scramble the CR and LF codes if the attacker attempts to inject them.

CRLF Injection Cheatsheet

HTTP Response Splitting



Header-based test, site root


\r\n Header-Test:CRLF
\r\n Header-Test:CRLF


CRLF chained with Open Redirect server misconfiguration

Note: This sometimes works. (Discovered in some Yandex sites, was not exploitable from the root.)






Response splitting on 302 Redirect, before Location header (Discovered in DoD)



Response splitting on 301 code, chained with Open Redirect to corrupt location header and to break 301 by @black2fan (Facebook bug)

Note: xxx:1 was used for breaking open redirect destination (Location header). Great example how of to escalate CRLF to XSS on a such, it would seem, unexploitable 301 status code.



Owasp, GitHub

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Leave a Reply
Previous Article
TP-Link Smart Router

Zero-Day Vulnerability in TP-Link Smart Routers [POC]

Next Article
Commando VM

Commando VM- Windows Based Security Distribution For Penetration Tester

Related Posts