CRLF Injection Playbook

Aditya Soni
Published in Cyber Verse
4 min read · Jan 12, 2020

Hello guys,
Just a rough analysis of publicly disclosed bugs about CRLF injection.

This analysis was done just out of curiosity about learning new things, and I found this topic interesting, so I thought of sharing it with you guys.
I started by reading disclosed reports about CRLF injection on HackerOne Hacktivity. (Some interesting reports will be discussed below.)

Getting Started

Now, what is CRLF?

Line feed = \n (%0a)
Carriage Return = \r (%0d)

Basically, pressing the Enter key is a combination of carriage return and line feed.

Windows editors mostly use the combination \r\n
Unix mostly uses \n

Diggin’ into Injection and Attack Vector

What is CRLF Injection?

A Carriage Return Line Feed (CRLF) Injection vulnerability occurs when an application does not sanitize user input correctly and allows for the insertion of carriage returns and line feeds, input which for many internet protocols, including HTML, denote line breaks and have special significance.
For example, the parsing of HTTP messages relies on CRLF characters (%0D%0A, which decoded represents \r\n) to identify sections of…
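The header-parsing behaviour described above, as an added example that is not part of the original post: a redirect builder that copies decoded input into a header line, next to a version that rejects CR and LF. The function names, the redirect scenario and the sample input are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample input: a path followed by an encoded CRLF and a marker header.
CONSTRUCTED_INPUT = "/home%0d%0aX-Injected: 1"


def build_redirect_unsafe(target: str) -> str:
    """Vulnerable: the decoded value goes into the header line unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {unquote(target)}\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def build_redirect_safe(target: str) -> str:
    """Hardened: refuse any value that decodes to a CR or an LF."""
    value = unquote(target)
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in a header value")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {value}\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split the header section as a receiver would: one header per CRLF line."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # drop the status line
    return [
        tuple(part.strip() for part in line.split(":", 1))
        for line in lines
        if ":" in line
    ]


if __name__ == "__main__":
    # The receiver sees three headers although the application meant to send two.
    print(parse_headers(build_redirect_unsafe(CONSTRUCTED_INPUT)))
    try:
        build_redirect_safe(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
```

The check runs after decoding, so the encoded form (%0d%0a) and raw control characters are handled the same way.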
