Dipesh Sunrait – WindowsTechs.com

Cookie is not being set after CRLF Injection in one domain but set in another domain. How can i bypass/set it?

Posted on August 13, 2020 by Dipesh Sunrait

Ok i am facing a very weird behaviour that sets and doesnt set cookie both. So, first i have found CRLF injection in 2 domains, redacted.de and redacted_another.com. When i go to redacted_another.com vulnerable url, the cookie gets set int… Continue reading Cookie is not being set after CRLF Injection in one domain but set in another domain. How can i bypass/set it?→

Does HTTP/2 prevent security vulnerabilites like CRLF injection?

Posted on July 23, 2020 by Dipesh Sunrait

Which vulnerabilites does HTTP/2 prevent?
More specifically:

Does it prevent HTTP request smuggling?
Does it prevent HTTP response splitting / CRLF injection?

Continue reading Does HTTP/2 prevent security vulnerabilites like CRLF injection?→