Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). According to Open Web Application Security Project (OWASP), CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities foster a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against high-risk known vulnerabilities. There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

翻译：回车（CR）和换行（LF），即CRLF注入，是一种允许黑客向Web应用输入特殊字符、改变其运行或混淆管理员的漏洞类型。日志投毒和HTTP响应拆分是该技术的两种主要危害用途。此外，攻击者还可利用CRLF注入来利用其他漏洞，例如跨站脚本（XSS）。根据开放Web应用安全项目（OWASP），CRLF漏洞位列十大漏洞之一，是一种注入攻击类型。自动化测试有助于快速识别CRLF漏洞，尤其能帮助企业在发布应用前进行测试。然而，CRLF漏洞需要更好的方法在早期阶段缓解风险，并帮助保护应用免受高风险的已知漏洞攻击。目前关于CRLF漏洞及其通过自动化测试进行检测的研究较少。该主题仍有进一步研究的空间，以开发创造性的解决方案。同时，通过检查每次请求的头部响应，有助于减少误报。安全自动化对于企业防范安全威胁至关重要。来自安全系统的自动化警报能更快、更准确地了解潜在漏洞，并有助于减少误报。尽管针对Web应用各类漏洞的研究已相当广泛，但CRLF漏洞仅近期才被纳入研究范畴。将自动化测试作为常规任务使用，可以帮助企业持续获取系统更新信息，并增强其安全性。