Self Notes: Web Security Academy HTTP Request Smuggling Lab 9
Lab 9 link
The task for Lab 9 seems very similar to the Lab 8 task: the same CL-TE server pair, except that in this case we need to steal another user's data instead of discovering a header. But who knows, maybe there will be surprises along the way. Let's find out. The following request was made:
The Content-Length in the above request was obtained by trial and error. I started with a lower value and kept incrementing until I got the required cookies:
After obtaining the cookies:
Server response after the above request has been sent: