Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #870 from Ruulian/master

Browse source 
Add Werkzeug Automated Exploitation
This commit is contained in:
cp 2024-05-14 12:25:05 +02:00 committed by GitHub
commit 08d95649aa
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
network-services-pentesting/pentesting-web/werkzeug.md
View file

@ -176,6 +176,10 @@ As observed in [**this issue**](https://github.com/pallets/werkzeug/issues/2833)
This is because, In Werkzeug it's possible to send some **Unicode** characters and it will make the server **break**. However, if the HTTP connection was created with the header **`Connection: keep-alive`**, the body of the request wont be read and the connection will still be open, so the **body** of the request will be treated as the **next HTTP request**.
## Automated Exploitation
{% embed url="https://github.com/Ruulian/wconsole_extractor" %}
## References
* [**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)