Vulnerabilities tagged "cool-vuln"

Usurping Mastodon instances - [CVE-2023-42451]

Normalization gone wrong, Mastodon, when attempting to normalize a domain would intend to remove any trailing `/`from it, however they did this using `.delete("/")` which removes all `/` characters from the string instead of just a trailing `/`. This meant that someone could use an account like `` to spoof the account ``.

PHP servers drop any header if the header has "\r" [@OctagonNetworks]

The title gives this one away, the `header(...)` function in PHP will issue a warning (and keep executing) without adding the header to the response if the header contains a Carriage Return (\r), New-Line (\n) or Null-byte (\x00).That functionality may not be new to you as its purpose is to kill response splitting attacks, but @OctagonNetworks presents a fresh twist on this, probably not the first to have the thought but it was a neat idea to me...