Created July 3, 2023 12:10
Tests for Client-Side Desync vulnerabilities on specifically erroneous paths
metadata:
    language: v1-beta
    name: "Potential Client-Side Desync on erroneous path"
    description: "Tests for Client-Side Desync vulnerabilities on specifically erroneous paths"
    author: "Frank Spierings"

# Paths that are expected to be rejected as erroneous.
run for each:
    potential_path =
        "/..%2f",
        "/%2e%2e",
        "/%2e%2e%2f"

given host then
    # POST to the erroneous path; the body is itself the start of an HTTP request.
    send request called trigger:
        method: "POST"
        path: {potential_path}
        body: "GET /hopefully404 HTTP/1.1\r\nX: foo"

    # Follow-up request for the root path.
    send request called check:
        method: "GET"
        path: "/"

    # A 404 for "/" suggests the trigger body was parsed as the next request.
    if {check.response.status_code} is "404" then
        report issue:
            severity: high
            confidence: tentative
            detail: `Potential client-side desync vector via erroneous path at {potential_path}.`
            remediation: "Ensure the proxy does not introduce Client-Side Desync vulnerabilities."
    end if
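
Why a 404 on the follow-up `GET /` is the signal this check looks for, shown as an offline model of one keep-alive connection. This is an added example, not part of the gist; the route table, the host `app.example`, the function names and the assumption that the front end answers the erroneous path with a 400 are all constructed for illustration.

```python
# Offline model of one keep-alive connection; no network I/O (added example).
ROUTES = {"/": 200}  # constructed route table: every other path is a 404
SMUGGLED = b"GET /hopefully404 HTTP/1.1\r\nX: foo"  # body used by the BCheck

def parse_head(buf):
    """Split one request head off buf: (path, headers, rest), or None."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    path = lines[0].split(" ", 2)[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return path, headers, rest

def serve(stream, drain_body_on_error):
    """Status codes a server sends for the bytes arriving on one connection."""
    statuses, buf = [], stream
    while buf:
        parsed = parse_head(buf)
        if parsed is None:
            break
        path, headers, buf = parsed
        # Assumption: the front end rejects dot-segment paths with a 400.
        bad = ".." in path or "%2e" in path.lower()
        status = 400 if bad else ROUTES.get(path, 404)
        statuses.append(status)
        if status < 400 or drain_body_on_error:
            buf = buf[int(headers.get("content-length", 0)):]
        # Otherwise the error reply was sent without reading the body, so the
        # body bytes stay buffered and are parsed as the next request.
    return statuses

def connection_bytes(path):
    """The trigger POST followed by the check GET on the same connection."""
    trigger = (f"POST {path} HTTP/1.1\r\nHost: app.example\r\n"
               f"Content-Length: {len(SMUGGLED)}\r\n\r\n").encode() + SMUGGLED
    return trigger + b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"

if __name__ == "__main__":
    for p in ("/..%2f", "/%2e%2e", "/%2e%2e%2f"):
        print(p, serve(connection_bytes(p), False), serve(connection_bytes(p), True))
```

With `drain_body_on_error=False` the second status is the 404 for `/hopefully404`, because the unterminated `X: foo` header swallows the request line of the real `GET /`. Draining the declared body, or closing the connection after the error response, restores the expected 200.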