We just discovered an intriguing way to get around the Akamai Web Application Firewall (WAF) solution’s cross-site scripting (XSS) filtering feature during a Chariot customer trial. During an automatic scan, Chariot had located a Carriage Return and Line Feed (CRLF) injection vulnerability. During our exploitation phase, we found the bypass.
Our objectives in this paper are to discuss the method we used to go around the Akamai WAF filtering and to illustrate some of the concerns related to CRLF injection.