Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "viewLinc 5.1.2.367 - Carriage Return Line Feed Attack" module is designed to detect a vulnerability in the viewLinc software version 5.1.2.367 (and sometimes 5.1.1.50). This vulnerability allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, enabling them to inject arbitrary HTTP headers into the response.
This module has a low severity level and was authored by geeknik.
If successfully exploited, this vulnerability can allow attackers to manipulate the HTTP response headers, potentially leading to various security issues such as session hijacking, cross-site scripting (XSS), or other forms of injection attacks.
The module sends an HTTP GET request with a specific payload to the target server. The payload includes the following header injection attempt:
/%0ASet-Cookie:crlfinjection=crlfinjection
The module then checks the response headers for specific conditions to determine if the injection was successful. The matching conditions include:
- The presence of the header "Server: viewLinc/5.1.2.367" and "Set-Cookie: crlfinjection=crlfinjection" - Alternatively, the presence of the header "Server: viewLinc/5.1.1.50" and "Set-Cookie: crlfinjection=crlfinjection"If any of these conditions are met, the module reports a vulnerability.
Reference: https://www