Back to directory

WRITEUP #1149

CVE 2023 25690 - Proof of Concept

OtherHTTP request smugglingHTTP request splittingCRLF injection

by@DSkfunk(dhmosfunk)

Program

Apache HTTP Server

Published

May 22, 2023

Added to HackDex

Jun 1, 2023

Read Full Writeuphttps://github.com/dhmosfunk/CVE-2023-25690-POC

▸ RELATED WRITEUPS

Another 1500$: CR/LF Injection

OtherCRLF injection

Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies

OtherWeb cache poisoning

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Built with ❤️ by Shubham Rawat