CRLF injection

Table of Contents

Exploitation Tricks

  • Try to search for parameters that lead to redirects and fuzz them

  • Also test the mobile version of the website; it sometimes differs or uses a different backend

Exploits

HTTP Response Splitting

CRLF chained with Open Redirect

CRLF Injection to XSS

Filter Bypass

References
