Closed phihag closed 11 years ago
The current CRLF attack test isn't actually vulnerable to the attack, but just simulates what would happen statically. Instead, use a real vulnerable site as a test case (maybe add a task to vulnsrv as well?).
This has been fixed in c3c5ea0c8eefb445885dbd2b99272b5887cd2201 .
The current CRLF attack test isn't actually vulnerable to the attack, but just simulates what would happen statically. Instead, use a real vulnerable site as a test case (maybe add a task to vulnsrv as well?).