Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Response Header Injection in SAP HTTP Content Server- 1275

Hero Lab, Posted 2 Years Ago
  • A URL parameter in a call, the pVersion parameter, was being copied into the headers of the response. Specifically, it was placed in the x-errordescription header without any check on its content.
  • Since an attacker controls this value and the web server does not protect against it, an attacker can add newlines to change the meaning of the response. This is called CRLF injection.
  • Since they can add content to the headers (and to the body!), they can change the Content-Type of the response! Additionally, they can add their own body, which will be interpreted as HTML. So, the authors get XSS using this technique, which is pretty sick. Flask prevents this by default, citing that "Header values must not contain newline characters".
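
The header-splitting effect described above, and the reject-on-newline check that stops it, as an added example (not code from the original post or from SAP). The function names, the status line, and the wording of the error header are assumptions; the sample input is constructed.

```python
import re

# Constructed sample input: a version string followed by CRLF sequences.
CONSTRUCTED_INPUT = "1\r\nContent-Type: text/html\r\n\r\n<b>injected</b>"

_FORBIDDEN = re.compile(r"[\r\n\x00]")


def safe_header_value(value: str) -> str:
    """Reject values that could terminate the header line early."""
    if _FORBIDDEN.search(value):
        raise ValueError("header value must not contain CR, LF or NUL")
    return value


def build_response(p_version: str, validate: bool) -> bytes:
    """Build a raw error response that reflects p_version into a header.

    validate=False is the 'before' form (value copied in unchecked);
    validate=True applies safe_header_value first.
    """
    if validate:
        p_version = safe_header_value(p_version)
    head = [
        "HTTP/1.1 400 Bad Request",                    # assumed status line
        f"X-ErrorDescription: unsupported version {p_version}",
        "Content-Type: text/plain",
    ]
    return ("\r\n".join(head) + "\r\n\r\nerror").encode("latin-1")


def parse_response(raw: bytes):
    """Split a raw response the way a client does: headers end at the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]   # skip the status line
    headers = dict(line.split(": ", 1) for line in lines)
    return headers, body


if __name__ == "__main__":
    for value in ("0046", CONSTRUCTED_INPUT):
        headers, body = parse_response(build_response(value, validate=False))
        print(repr(value), "->", headers["Content-Type"], body[:20])
    try:
        build_response(CONSTRUCTED_INPUT, validate=True)
    except ValueError as exc:
        print("rejected:", exc)
```

With the unchecked builder, the server's own `Content-Type: text/plain` line ends up inside the body, so the client only sees the injected `text/html` type.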