First, some background on CRLF. CRLF is commonly used as a separator: CR is carriage return (ASCII 13, `\r`) and LF is line feed (ASCII 10, `\n`). Together these two characters act like pressing Enter, i.e. they start a new line, so if they reach a place where they are not expected, the vulnerability can change the program's original semantics.
For example:
def helloWorld(name): open('test','a').write("Your name is %s\n" % name)
If the argument passed in is "coder", the content written should be:
"Your name is coder"
But if user input is not handled properly, an attacker who submits an input like the following (a newline embedded in the value) produces CRLF injection:
"coder\nMy name is superman."
The file then contains two separate records instead of one:
"Your name is coder"
"My name is superman."
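The following is an added example, not code from the original text: it reproduces the helloWorld write above, shows how an embedded newline splits one input into two records, and adds a hardened variant that strips CR and LF before the value reaches the record format. The function names and the use of temporary files are assumptions made for the demonstration.

```python
import os
import tempfile


def write_record_unsafe(path, name):
    """Mirror of the page's helloWorld: the name is written verbatim."""
    with open(path, "a") as f:
        f.write("Your name is %s\n" % name)


def strip_crlf(value):
    """Remove CR (ASCII 13) and LF (ASCII 10) so one input yields one record."""
    return value.replace("\r", "").replace("\n", "")


def write_record_safe(path, name):
    """Hardened variant: sanitize before the value reaches the record format."""
    write_record_unsafe(path, strip_crlf(name))


def read_records(path):
    """Return the file's records, one per line, as a log consumer would see them."""
    with open(path) as f:
        return f.read().splitlines()


def demo(name):
    """Write `name` with both variants into fresh temp files (assumed helper);
    return (unsafe_records, safe_records)."""
    results = []
    for writer in (write_record_unsafe, write_record_safe):
        fd, path = tempfile.mkstemp()
        os.close(fd)
        try:
            writer(path, name)
            results.append(read_records(path))
        finally:
            os.remove(path)
    return tuple(results)


if __name__ == "__main__":
    # Constructed input matching the page's example payload.
    unsafe, safe = demo("coder\nMy name is superman.")
    print("unsafe:", unsafe)  # two records: the newline split the entry
    print("safe:  ", safe)    # one record: CR/LF removed before writing
```

Stripping CR/LF is the minimal fix for a line-oriented file; a stricter allow-list on the value, or a structured format that escapes its delimiters, removes the whole class of separator injection rather than just these two characters.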