Friday, December 14, 2007

CRLF Injection Attack


The term CRLF stands for Carriage Return (CR, ASCII 13, \r) followed by Line Feed (LF, ASCII 10, \n). These are ASCII control characters that display nothing on screen but are very widely used on Windows to mark the end of a line. On Linux/UNIX systems the end of a line is marked by the Line Feed alone.

This combination of CR and LF is what is produced, for example, when pressing "Enter" on the keyboard. Depending on the application being used, pressing "Enter" generally instructs the application to start a new line or to send a command. A CRLF Injection attack occurs when an attacker manages to get CRLF sequences, supplied as part of ordinary input, written into the system.

For example, if you are using a simple text file to store data accepted from users, and a user enters a line that contains a \n or another line-break character, the application will treat that single input as two separate entries.

This security hole must be prevented by all developers. Preventing such a flaw is very easy, provided the developer is a little alert while developing the application and rejects or encodes CR and LF characters in user-supplied data before writing it out.
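The text-file scenario above, as an added example that is not part of the original post: a tiny line-based record store whose unsafe writer stores input verbatim (so one value containing CRLF reads back as two records) beside a safe writer that encodes CR and LF before writing. The record format, function names and the constructed input are assumptions made for this example.

```python
# Added example, not from the original post. A record store with one
# "name=value" record per line, read back by splitting on CRLF or LF.

def parse_records(text):
    """Split stored text into records, one per line (CRLF or bare LF)."""
    return [line for line in text.replace("\r\n", "\n").split("\n") if line]

def append_unsafe(store, name, value):
    """Vulnerable: the value is written verbatim, line breaks included."""
    return store + "%s=%s\n" % (name, value)

def has_line_break(value):
    """Validation check: reject input that contains CR or LF at all."""
    return "\r" in value or "\n" in value

def neutralize(value):
    """Encode CR, LF and the escape char so the value cannot end a record."""
    return (value.replace("\\", "\\\\")
                 .replace("\r", "\\r")
                 .replace("\n", "\\n"))

def decode(value):
    """Reverse neutralize() so the reader gets the original value back."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append({"r": "\r", "n": "\n", "\\": "\\"}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def append_safe(store, name, value):
    """Safe: the value is neutralized, so it always occupies exactly one line."""
    return store + "%s=%s\n" % (name, neutralize(value))

# Constructed input: a value that smuggles a CRLF and a second, forged record.
MALICIOUS = "hello\r\nmallory=forged"

def demo():
    """Return (records from the unsafe store, records from the safe store)."""
    unsafe = append_unsafe(append_unsafe("", "alice", "hi"), "bob", MALICIOUS)
    safe = append_safe(append_safe("", "alice", "hi"), "bob", MALICIOUS)
    return parse_records(unsafe), parse_records(safe)

if __name__ == "__main__":
    print(demo())
```

The unsafe store yields three records from two writes; the safe store yields two, and `decode()` recovers the original value from the second one.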
