Back to directory
WRITEUP #4634

From CRLF to Account Takeover

XSSCRLF injectionHTTP response splittingReflected XSSAccount takeover
by@Krevetk0Valeriy(Valeriy Shevchenko)
Program
-
Published
Jun 3, 2020
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@valeriyshevchenko/from-crlf-to-account-takeover-a94d7aa0d74e
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat