| ID | Title | Bugs | Program | Author | Source | Published | Added |
|---|---|---|---|---|---|---|---|
| 5015 | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | SSRF, RCE, CRLF injection, Insecure deserialization | GitHub | Orange Tsai (@orange_8361) | Bug Bounty | 2017-07-28 | 2023-06-13 |
| 4946 | CRLF injection in blockchain.info | CRLF injection | Blockchain.info | Shashank (@cyberboyIndia) | Bug Bounty | 2017-11-05 | 2023-06-13 |
| 4857 | #BugBounty — Exploiting CRLF Injection can lands into a nice bounty | CRLF injection | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-02-17 | 2023-06-13 |
| 4718 | Setting arbitrary request headers in Chromium via CRLF injection | CRLF injection | Google | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2018-06-20 | 2023-06-13 |
| 4666 | CRLF Injection Into PHP’s cURL Options | CRLF injection | NA | TomNomNom (@tomnomnom) | Bug Bounty | 2018-08-01 | 2023-06-13 |
| 3987 | CRLF injection allow => cookie injection in root domain & xss | CRLF injection | Bukalapak | Abdelhak Kharroubi | Bug Bounty | 2019-08-06 | 2023-06-13 |
| 3457 | How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber | HTTP request splitting, SSRF, CRLF injection, RCE | Uber | Andrey Abakumov (@andrewaeva) | Bug Bounty | 2020-05-25 | 2023-06-13 |
| 3426 | From CRLF to Account Takeover | CRLF injection, HTTP response splitting, Reflected XSS, Account takeover | NA | Valeriy Shevchenko (@Krevetk0Valeriy) | Bug Bounty | 2020-06-03 | 2023-06-13 |
| 3326 | From . in regex to SSRF — part 3 | SSRF, CRLF injection | NA | Niemiec Marcin (@xvnpw) | Bug Bounty | 2020-07-07 | 2023-06-13 |
| 2663 | Breaking GitHub Private Pages for $35k | XSS, CRLF injection, Web cache poisoning | GitHub | Robert Chen (@NotDeGhost) | Bug Bounty | 2021-04-04 | 2023-06-13 |
| 2519 | The beauty of chaining client-side bugs | CRLF injection, XSS, CSP bypass, DoS, CSTI | NA | Master SEC (@MasterSEC_AR) | Bug Bounty | 2021-05-29 | 2023-06-13 |
| 2512 | CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads | CRLF injection | Synology | Justin Taft | Bug Bounty | 2021-06-01 | 2023-06-13 |
| 1467 | Zimbra Email - Stealing Clear-Text Credentials via Memcache injection | Memcache injection, CRLF injection | Zimbra | Sonar (@SonarSource) | Bug Bounty | 2022-06-14 | 2023-06-13 |
| 1355 | CRLF to Account takeover (chaining bugs) | CRLF injection, XSS, Account takeover | NA | MoSec (@moe1n1) | Bug Bounty | 2022-07-16 | 2023-06-13 |
| 969 | $6000 with Microsoft Hall of Fame \| Microsoft Firewall Bypass \| CRLF to XSS \| Microsoft Bug Bounty | CRLF injection, XSS | Microsoft | Neh Patel (@thecyberneh) | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 742 | Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway | XSS, CRLF injection, SSRF, LFI, Local Privilege Escalation, Arbitrary file read | Proxmox | JianTao Li (@cursered) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 655 | CRLF Injection — xxx$ — How was it possible for me to earn a bounty with the Cloudflare WAF? | CRLF injection | NA | Proviesec (@proviesec) | Bug Bounty | 2022-12-24 | 2023-06-13 |
| 428 | Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header | WAF bypass, CRLF injection, XSS | Akamai | Adam Crosser | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 372 | Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability | CRLF injection, Hop-by-hop header, XSS | NA | Simon Bräuer (@redshark1802) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 194 | From payload to 300$ bounty: A story of CRLF injection and responsible disclosure on HackerOne | CRLF injection | NA | Karthikeyan.V (@karthithehacker) | Bug Bounty | 2023-04-16 | 2023-06-13 |
| 63 | CVE 2023 25690 - Proof of Concept | HTTP Request Smuggling, HTTP request splitting, CRLF injection | Apache HTTP Server | dhmosfunk (@DSkfunk) | Bug Bounty | 2023-05-22 | 2023-06-13 |