
List:       owasp-webgoat
Subject:    Re: [Owasp-webgoat] Help With HTTP Splitting
From:       "Brian Spindel" <bspindel () runbox ! com>
Date:       2007-09-20 15:44:31
Message-ID: E1IYOCd-0005WK-DR () fenris ! runbox ! com

Michael,

I got stuck in here as well, and never got unstuck.  (WebGoat on Fedora 7 with Firefox)

 -Brian

----- Start Original Message -----
Sent: Thu, 20 Sep 2007 10:32:11 -0500
From: "Michael Wisniewski" <wiz561@gmail.com>
To: owasp-webgoat@lists.owasp.org
Subject: [Owasp-webgoat] Help With HTTP Splitting

> Hi!
> 
> OK, I feel stupid for asking this....but I'm having problems trying to
> exploit the second lesson.  lol...
> 
> I'm hoping that somebody can help me out to see what I'm doing wrong.
> I've tried WebGoat on my Mac OS with Firefox.  I was having problems
> with it, so I then tried the "Damn Vulnerable Linux" disc which has
> webgoat on it.  I'm using that with Konqueror, but still having
> problems.  Here's what I'm doing.
> 
> 1) In the URL of Konqueror, I put in...
> 
> http://127.0.0.1:8080/WebGoat/attack?Screen=50&menu=50&fromRedirect=yes&language=?foo%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Put something in here for a test</html>
> 
> 2)  After that, I use...
> 
> http://127.0.0.1:8080/WebGoat/attack?Screen=50&menu=50&fromRedirect=yes&language=?foo%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202007%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Put something else in here for another test</html>
> 
> 3)  After you hit enter, I'm assuming that the webgoat screen will
> refresh with my "Put something else in here for another test" text,
> and the HTTP Splitting will have a checkbox.
> 
> Is this how you would exploit it?  Is there something that I'm missing?
> 
> Thank you for any help!!!!
> _______________________________________________
> Owasp-webgoat mailing list
> Owasp-webgoat@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-webgoat
> 

----- End Original Message -----
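
Added example, not part of either message and not WebGoat's own code: a defensive check that decodes query parameters shaped like the ones quoted above, reports any that carry CR/LF (and whether a header or status line follows the break), and a guard that refuses such a value before it is written into a response header. The sample request targets, the X-Test header and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed request targets. The second mirrors the shape of the URL quoted
# in the message: encoded CRLF followed by headers and a second status line.
SAMPLE_TARGETS = [
    "/WebGoat/attack?Screen=50&menu=50&fromRedirect=yes&language=en",
    "/WebGoat/attack?Screen=50&menu=50&fromRedirect=yes&language=foo"
    "%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK"
    "%0d%0aContent-Type:%20text/html",
    "/WebGoat/attack?Screen=50&menu=50&language=fr%250d%250aX-Test:%201",
]

LINE_BREAK = re.compile(r"\r\n|\r|\n")
STATUS_LINE = re.compile(r"^HTTP/\d\.\d \d{3}\b")
HEADER_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:")


def inspect_target(target):
    """Return {param: [findings]} for query parameters that carry CR or LF."""
    report = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        findings = []
        if not LINE_BREAK.search(value):
            # parse_qsl decoded once; a second pass exposes %250d%250a.
            value = unquote(value)
            if not LINE_BREAK.search(value):
                continue
            findings.append("double-encoded")
        findings.append("crlf")
        injected = LINE_BREAK.split(value)[1:]  # lines after the first break
        if any(HEADER_LINE.match(line) for line in injected):
            findings.append("header-line")
        if any(STATUS_LINE.match(line) for line in injected):
            findings.append("status-line")
        report[name] = findings
    return report


def safe_header_value(value):
    """Server-side guard: refuse to place a value with CR/LF in a header."""
    if LINE_BREAK.search(value):
        raise ValueError("CR/LF in header value")
    return value


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(inspect_target(t) or "clean", "<-", t[:60])
```
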