CRLF injection
Exploitation Tricks
Try to search for parameters that lead to redirects and fuzz them
Also test the mobile version of the website, sometimes it is different or uses a different backend
Exploits
HTTP Response Splitting
CRLF chained with Open Redirect
CRLF Injection to XSS
Filter Bypass
References
Last updated