--- meta: author: "Andrea Menin (theMiddle)" description: "HTTP Splitting" enabled: true name: 921190.yaml tests: - test_title: 921190-1 desc: "New line char in request filename (1)" stages: - stage: input: dest_addr: "127.0.0.1" headers: Host: "localhost" User-Agent: "ModSecurity CRS 3 Tests" port: 80 uri: "/foo%0Abar" output: log_contains: id "921190" - test_title: 921190-2 desc: "New line char in request filename (2)" stages: - stage: input: dest_addr: "127.0.0.1" headers: Host: "localhost" User-Agent: "ModSecurity CRS 3 Tests" port: 80 uri: "/foo%0abar" output: log_contains: id "921190" - test_title: 921190-3 desc: "FastCGI variable injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: - stage: input: dest_addr: "127.0.0.1" headers: Host: "localhost" User-Agent: "ModSecurity CRS 3 Tests" port: 80 uri: "/index.php/PHP%0Ainfo.php?QQQ" output: log_contains: id "921190" - test_title: 921190-4 desc: "PHP Settings injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: - stage: input: dest_addr: "127.0.0.1" headers: Host: "localhost" User-Agent: "ModSecurity CRS 3 Tests" port: 80 uri: "/index.php/PHP_VALUE%0Asession.auto_start=1;;;?QQQ" output: log_contains: id "921190"