CRLF Injection in phpservermon/phpservermonValid
Nov 19th 2021
misconfig of nginx lead to crlf injection
In nginx, $uri is url decoded, which will decode
%0d%0a to CRLF.
return 301 http://<%= @server_name.gsub(/^www\./, '') %>$uri;
Proof of Concept
A request to:
CRLF Injection allows an attacker to inject client-side malicious scripts (E.g. Cross site scripting) to disclose information. An attacker can gain sensitive information like CSRF token and allow the attacker to set fake cookies.