Add Werkzeug Automated Exploitation

HackTricks-wiki · May 13, 2024 · 79ffbd9 · 79ffbd9
1 parent 62b192c
commit 79ffbd9
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/network-services-pentesting/pentesting-web/werkzeug.md b/network-services-pentesting/pentesting-web/werkzeug.md
@@ -176,6 +176,10 @@ As observed in [**this issue**](https://github.com/pallets/werkzeug/issues/2833)
 
 This is because, In Werkzeug it's possible to send some **Unicode** characters and it will make the server **break**. However, if the HTTP connection was created with the header **`Connection: keep-alive`**, the body of the request won’t be read and the connection will still be open, so the **body** of the request will be treated as the **next HTTP request**.
 
+## Automated Exploitation
+
+{% embed url="https://github.com/Ruulian/wconsole_extractor" %}
+
 ## References
 
 * [**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)