Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Help performing CRLF in a .NET environment
Posted by: zatoichi
Date: November 25, 2008 05:08AM

Hi,

I have been trying to perfrom CRLF in a .NET environment it throws this error

[ArgumentException: Redirect URI cannot contain newline characters.]
System.Web.HttpResponse.Redirect(String url, Boolean endResponse) +539
System.Web.HttpResponse.Redirect(String url) +6
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
It is checking for invalid characters (CR,LF , null etc. ) is there any way to bypass this security check

thanks

Options: ReplyQuote
Re: Help performing CRLF in a .NET environment
Posted by: Onhacks team
Date: November 30, 2008 12:15PM

I think this is not a security check but a syntax check.
Quoted from RFC 2396
"The control characters in the US-ASCII coded character set are not
used within a URI, both because they are non-printable and because
they are likely to be misinterpreted by some control mechanisms.

control = <US-ASCII coded characters 00-1F and 7F hexadecimal>"

Although this RFC is a bit old, but this make sense to not include control characters in the URI, I don't think in the newest RFC of URI will allow these set of characters. So I think the exception that you got is a syntax error.

BTW, what do you want to do with the CRLF?

FYI, here is a link:
http://www.faqs.org/rfcs/rfc2396.html

Options: ReplyQuote
Re: Help performing CRLF in a .NET environment
Posted by: zatoichi
Date: December 02, 2008 12:10AM

i meant CRLF injection (for HTTP header Splitting) sorry for not being clear in my first message , it is detecting %0d%0a characters in the stream and printng this stack trace, and preventing a HTTP header splitting attack, so i was wondering whether it can be bypassed ??

Options: ReplyQuote


Sorry, only registered users may post in this forum.