Commit

Merge pull request #870 from Ruulian/master
Add Werkzeug Automated Exploitation
carlospolop authored May 14, 2024
2 parents 62b192c + 79ffbd9 commit 08d9564
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions network-services-pentesting/pentesting-web/werkzeug.md
Expand Up @@ -176,6 +176,10 @@ As observed in [**this issue**](https://github.com/pallets/werkzeug/issues/2833)

This is because, In Werkzeug it's possible to send some **Unicode** characters and it will make the server **break**. However, if the HTTP connection was created with the header **`Connection: keep-alive`**, the body of the request won’t be read and the connection will still be open, so the **body** of the request will be treated as the **next HTTP request**.

## Automated Exploitation

{% embed url="https://github.com/Ruulian/wconsole_extractor" %}

## References

* [**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)
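Review bot: The new `## Automated Exploitation` section contains only the `{% embed url="https://github.com/Ruulian/wconsole_extractor" %}` line, with no sentence saying what the tool automates or what it requires. Because it sits directly after the `Connection: keep-alive` paragraph, a reader cannot tell which technique on this page it relates to. Please add a one-line description under the heading. The linked repository also belongs to the PR author and the embed points at its default branch, so consider linking a specific tag or commit that a maintainer has looked at, so the page keeps pointing at the reviewed code.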