\r
)\n
)(/?error=Page+Not+found
), redirects the user using the Location
HTTP header while reflecting the value of the error
parameter:https://example.com/<CRLF_injection>
https://example.com/lang=en<CRFL_injection>
__session_start
in OpenVPN is vulnerable to CRLF injection.