Cross Site Scripting Filter Bypassing using Header Injection (CRLF).....
Cross Site Scripting Filter Bypassing using CRLF..... This is my first technical writing. So please share your reviews and suggestions.. I would like to share a cross site scripting vulnerability found in one of the application I was testing. Usually xss is very common in the websites. However I found this one interesting, as this vulnerability is triggered using another known vulnerability CRLF. The application I was testing is very secured in case of xss as it is having restrictions on both input and output. 1. whenever a tag with "<" and ">" together (like <script>)is used in input, the application will filter and redirect to an error page. 2. If you use either "<" or ">" without the other then it'll encode the input to html entity encoded form. So I find this irritating and tried all known attack vectors, found nothing but logged out forcibly. So I stopped hunting for xss and concentrated mor...