Self Notes: Web Security Academy HTTP Request Smuggling Lab 7
Link to Lab 7 Here
Lab 7 is exactly the same as Lab 6 except that the Front-end Back-end server pair is TE-CL, this means that the Back-end server does not support chunked encoding. The smuggled request:
Observe that the 'Content-Length' is less than the actual content-length to trick the server into leaving the rest of the request body which will serve as the next request.
The smuggled request has been executed, the server responds with the Administrator's Dashboard. All that is left is to delete Carlos:
The smuggled request has been executed:
Comments
Post a Comment