
List:       owasp-webgoat
Subject:    Re: [Owasp-webgoat] FW: Linux test of WebGoat 5.0 RC1 - Trouble
From:       "tim belina" <timbelina () gmail ! com>
Date:       2007-03-11 1:04:47
Message-ID: 86479d7c0703101704j6f7337bbxf6c779c443da4f24 () mail ! gmail ! com

'morning Sherif and Simon,

No worries about the delay Simon; I've been flat-out too. Sherif, I'll
double-check re your previous email, and get back to you shortly.

Thanks,
  Tim.


On 3/5/07, Sherif Koussa <sherif.fathy@gmail.com> wrote:
> Hi Simon/Tim,
> 
> Did you guys try to paste the hint:
> "=?foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Insert
>  undesireable content here</html>" right into the "search by country" field?
> Please note that there are actually two requests being made (which is
> the essence of the attack).
> 
> Regards,
> Sherif
> 
> 
> > ------------------------------
> > *From:* Simon.Vuille@unil.ch [mailto:Simon.Vuille@unil.ch]
> > *Sent:* Thu 2/22/2007 5:00 AM
> > *To:* tim belina; owasp-webgoat@lists.owasp.org; Bruce Mayhew
> > *Subject:* re: [Owasp-webgoat] Linux test of WebGoat 5.0 RC1 - Trouble
> > with HTTP response splitting exercise
> > 
> > 
> > 
> > I have been using RC1 on OS X and, despite the program being
> > very promising, I have found that several lessons do not
> > work appropriately. I have the same problem with HTTP
> > Splitting. Copy pasting the answer (last hint) yields the
> > same result as anything else. I plan on pointing out
> > the lessons that seem to cause problems in the future, I
> > just need a bit more time.
> > 
> > Regards,
> > 
> > Simon
> > ----- Original Message -----
> > From: "tim belina" <timbelina@gmail.com>
> > To: owasp-webgoat@lists.owasp.org, bruce.mayhew@g2-inc.com
> > Subject: [Owasp-webgoat] Linux test of WebGoat 5.0 RC1 -
> > Trouble with HTTP response splitting exercise
> > Date: Thu, 22 Feb 2007 09:38:49 +1000
> > 
> > > 'morning all,
> > > 
> > > I have been playing with WG5.0 RC1 on openSuSE10.2 x86
> > > with JDK 1.5.0_08 and using Firefox 2.0 as my browser. It's
> > > great! Well done to the contributors! Alas, I did have a
> > > few problems with one of the lessons; the HTTP
> > > response-splitting lesson.  Try as I might, I could not
> > > exploit the vuln... I even just cut'n'pasted the answer
> > > via WebScarab :-)  Can someone please confirm that the
> > > problem lies with me and not the lesson.
> > > 
> > > Thanks,
> > > Tim.
> > > _______________________________________________
> > > Owasp-webgoat mailing list
> > > Owasp-webgoat@lists.owasp.org
> > > http://lists.owasp.org/mailman/listinfo/owasp-webgoat
> > 
> 
_______________________________________________
Owasp-webgoat mailing list
Owasp-webgoat@lists.owasp.org
http://lists.owasp.org/mailman/listinfo/owasp-webgoat
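
An added example, not part of the thread and not WebGoat's own code: it percent-decodes the hint string quoted above and shows why one header write ends up as two responses on the wire, next to two server-side fixes. The redirect shape, the `Location` header, the `/search?country=` path and all function names are assumptions made for illustration.

```python
from urllib.parse import quote, unquote

# Hint string as quoted in the thread, from "foobar" on, with the mail's
# line wrap rejoined. %0d%0a is a percent-encoded CR LF.
HINT = ("foobar%0d%0aContent-Length:%200%0d%0a%0d%0a"
        "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
        "Content-Length:%2047%0d%0a%0d%0a"
        "<html>Insert undesireable content here</html>")


def build_redirect_unsafe(value: str) -> bytes:
    """Assumed vulnerable behaviour: decoded input copied into a header."""
    head = f"HTTP/1.1 302 Found\r\nLocation: /search?country={value}\r\n\r\n"
    return head.encode("latin-1")


def count_responses(wire: bytes) -> int:
    """Count status lines that start a line in the raw response bytes."""
    return sum(1 for line in wire.split(b"\r\n") if line.startswith(b"HTTP/1."))


def build_redirect_checked(value: str) -> bytes:
    """Fix 1: refuse any control character (CR and LF included)."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(value)


def build_redirect_encoded(value: str) -> bytes:
    """Fix 2: percent-encode the value again before it reaches the header."""
    return build_redirect_unsafe(quote(value, safe=""))


if __name__ == "__main__":
    decoded = unquote(HINT)  # what the server sees after URL decoding
    print("unsafe :", count_responses(build_redirect_unsafe(decoded)), "responses")
    print("encoded:", count_responses(build_redirect_encoded(decoded)), "response")
    try:
        build_redirect_checked(decoded)
    except ValueError as exc:
        print("checked: rejected,", exc)
```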

