CRLF Injection in phpservermon/phpservermon
Valid
Reported on Nov 19th 2021
Description
Misconfig of nginx leads to CRLF injection.
In nginx, $uri is URL-decoded, which will decode %0d%0a to CRLF.
Code:
return 301 http://<%= @server_name[0].gsub(/^www\./, '') %>$uri;
Proof of Concept
A request to:
http://www.test.com/%0d%0afake_header:123%0d%0a%0d%0afake_content
Impact
CRLF injection allows an attacker to inject malicious client-side scripts (e.g. cross-site scripting) to disclose information. An attacker can gain sensitive information such as a CSRF token, and it allows the attacker to set fake cookies.
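An added example (not part of the original report or the project's code): a small Python check that flags nginx `return` and `add_header` directives built from `$uri` or `$document_uri`, and uses a simplified expansion model to show why `$request_uri` keeps the redirect on a single header line. The host `example.test`, the sample config and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# nginx directives that write their argument into a response header.
SINK = re.compile(r"\b(return|add_header)\s+([^;]*);")
# $uri / $document_uri hold the normalized (percent-decoded) path;
# $request_uri holds the path exactly as the client sent it.
DECODED = re.compile(r"\$\{?(?:document_uri|uri)\b\}?")

def find_decoded_uri_sinks(config_text):
    """Return (line_number, directive) pairs where a decoded-path variable reaches a header."""
    hits = []
    for m in SINK.finditer(config_text):
        if DECODED.search(m.group(2)):
            line_no = config_text.count("\n", 0, m.start(1)) + 1
            hits.append((line_no, m.group(1)))
    return hits

def expand(template, raw_path):
    """Simplified model of nginx expansion: only the percent-decoding of $uri is modelled."""
    out = template.replace("$request_uri", raw_path)
    return DECODED.sub(lambda _: unquote(raw_path), out)

def splits_header(value):
    """True if the expanded value would break out of its header line."""
    return "\r" in value or "\n" in value

# Constructed sample: the report's directive with the ERB host replaced by
# example.test, followed by the same redirect written with $request_uri.
SAMPLE_CONF = """\
server {
    listen 80;
    location /old { return 301 http://example.test$uri; }
    location /new { return 301 http://example.test$request_uri; }
}
"""
# Path taken from the report's proof of concept.
POC_PATH = "/%0d%0afake_header:123%0d%0a%0d%0afake_content"

if __name__ == "__main__":
    for line_no, directive in find_decoded_uri_sinks(SAMPLE_CONF):
        print(f"line {line_no}: '{directive}' uses a decoded path variable")
    for tmpl in ("http://example.test$uri", "http://example.test$request_uri"):
        state = "header split" if splits_header(expand(tmpl, POC_PATH)) else "single header"
        print(tmpl, "->", state)
```

The same pattern check can be run over ERB or other templated nginx configs, since it only looks at the directive text.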
We are processing your report and will contact the phpservermon team within 24 hours.
a year ago
We have contacted a member of the phpservermon team and are waiting to hear back
a year ago
We have sent a follow up to the phpservermon team. We will try again in 7 days.
a year ago
We have sent a second follow up to the phpservermon team. We will try again in 10 days.
a year ago
We have sent a third and final follow up to the phpservermon team. This report is now considered stale.
a year ago
Thanks for notifying. Fixed by removing PuPHPet and updating Vagrant. I would consider the scope of this vulnerability to be low because the Vagrant environment is meant for development only.