After a security scan from Acunetix, I got a medium severity alert "CRLF injection/HTTP response splitting (Web Server)".
I have filtered all CR LF characters from user input on my website, but it still shows the same alert.
I don't understand how to solve this issue or exactly where the problem is. My PHP version is PHP 7 and I'm using the CodeIgniter 3.14 framework.
Screenshot given below.

Amanullah Aman
- Does it say which file or route? – Tpojka Jul 20 '17 at 06:19
- It doesn't say any specific file or route. [Click to see the screenshot](http://i.imgur.com/nRl7hJp.png) – Amanullah Aman Jul 20 '17 at 06:42
- What have you tested: just home page / route? – Tpojka Jul 20 '17 at 06:53
- I scanned it from Acunetix. I just put my home URL there. Probably it tested all routes. [Take a look at my scan summary](http://i.imgur.com/KbOeb3I.png) – Amanullah Aman Jul 20 '17 at 07:13
1 Answer
0
This might be helpful to you:
To avoid such HTTP Splitting vulnerabilities, parse all user input for CR LF \r\n %0d%0a or any other forms of encoding these or other such malicious characters before using them in any form of HTTP headers. These vulnerabilities can be used to fool their clients and steal authentication information.
Refer: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html

Hossain Md Awlad
- I have restricted user input and also encoded URLs. It's still not working. – Amanullah Aman Jul 23 '17 at 06:21
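
The check the answer describes, as an added PHP example (not code from the answer, the asker's site or CodeIgniter): reject a value bound for a response header if it contains CR or LF in raw or percent-encoded form, including nested encoding. The function names `contains_crlf` and `set_header_checked` and the sample inputs are hypothetical.

```php
<?php
// Added example; function names and sample values are hypothetical.

/**
 * True if $value contains CR or LF, raw or percent-encoded,
 * including nested encodings such as %250d%250a.
 */
function contains_crlf(string $value, int $maxDecodeRounds = 3): bool
{
    for ($i = 0; $i <= $maxDecodeRounds; $i++) {
        if (preg_match('/[\r\n]/', $value) === 1) {
            return true;
        }
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            return false; // fully decoded, no CR/LF found
        }
        $value = $decoded;
    }
    return true; // still decoding after the limit: fail closed
}

/** Send a header only if neither name nor value can split the response. */
function set_header_checked(string $name, string $value): bool
{
    if (contains_crlf($name) || contains_crlf($value)) {
        // Log the encoded form so the log line itself cannot be split.
        error_log('Rejected header with CR/LF: ' . rawurlencode($value));
        return false;
    }
    header($name . ': ' . $value);
    return true;
}

// Constructed sample inputs, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'en-US'               => false,
        "en\r\nX-Test: 1"     => true,
        'en%0d%0aX-Test:%201' => true,
        'en%250D%250AX-Test'  => true,
    ];
    foreach ($samples as $input => $expected) {
        $ok = contains_crlf($input) === $expected;
        printf("%-28s %s\n", rawurlencode($input), $ok ? 'ok' : 'MISMATCH');
    }
}
```

PHP's own `header()` has refused to send more than one header per call since 5.1.2, so on PHP 7 a check like this mainly covers encoded forms that are decoded somewhere later in the request path.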