hacktricks/network-services-pentesting/pentesting-web/golang.md
carlospolop 9e5102b4c0 social
2023-03-06 00:15:43 +01:00


HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥

CONNECT method

In Go, the net/http library usually canonicalizes the request path before dispatching the request:

  • /flag/ -- is answered with a redirect to /flag
  • /../flag -- is answered with a redirect to /flag
  • /flag/. -- is answered with a redirect to /flag

However, when the CONNECT method is used, this canonicalization doesn't happen. So, if you need to access some protected resource, you can abuse this trick:

curl --path-as-is -X CONNECT http://gofs.web.jctf.pro/../flag

https://github.com/golang/go/blob/9bb97ea047890e900dae04202a231685492c4b18/src/net/http/server.go#L2354-L2364
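The behaviour above and a fix for it, as an added example that is not from the original page or the Go project: a path check that trusts ServeMux canonicalization is skipped by CONNECT, while a check that cleans the path itself and refuses CONNECT is not. The names `files`, `serve`, `guard` and `status` and the in-memory data are hypothetical, constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
)

// files is a constructed in-memory store; /flag is the protected entry.
var files = map[string]string{"/index": "hello", "/flag": "secret"}

// serve resolves the path itself, as a file-serving handler typically does.
func serve(w http.ResponseWriter, r *http.Request) {
	if body, ok := files[path.Clean(r.URL.Path)]; ok {
		fmt.Fprint(w, body)
		return
	}
	http.NotFound(w, r)
}

// guard denies /flag. strict=false compares the raw path, trusting ServeMux to
// have canonicalized it; strict=true refuses CONNECT and checks the cleaned path.
func guard(strict bool, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		p := r.URL.Path
		if strict {
			p = path.Clean("/" + p)
		}
		if p == "/flag" || (strict && r.Method == http.MethodConnect) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// status sends one request through a ServeMux in front of the guarded handler.
func status(strict bool, method, target string) int {
	mux := http.NewServeMux()
	mux.HandleFunc("/", guard(strict, serve))
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code
}

func main() {
	fmt.Println(status(false, "GET", "/../flag"), status(false, "CONNECT", "/../flag"), status(true, "CONNECT", "/../flag"))
}
```

Rejecting CONNECT at the edge (reverse proxy or outermost middleware) covers handlers that never expect it; cleaning the path inside the authorization check covers any route where the method cannot be restricted.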
