From 79ffbd9513dd2952998bf1eb92ae6fe65efda0e7 Mon Sep 17 00:00:00 2001 From: Ruulian Date: Tue, 14 May 2024 00:01:27 +0200 Subject: [PATCH] Add Werkzeug Automated Exploitation --- network-services-pentesting/pentesting-web/werkzeug.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/network-services-pentesting/pentesting-web/werkzeug.md b/network-services-pentesting/pentesting-web/werkzeug.md index 5162244ed6b..46783bc146e 100644 --- a/network-services-pentesting/pentesting-web/werkzeug.md +++ b/network-services-pentesting/pentesting-web/werkzeug.md @@ -176,6 +176,10 @@ As observed in [**this issue**](https://github.com/pallets/werkzeug/issues/2833) This is because, In Werkzeug it's possible to send some **Unicode** characters and it will make the server **break**. However, if the HTTP connection was created with the header **`Connection: keep-alive`**, the body of the request won’t be read and the connection will still be open, so the **body** of the request will be treated as the **next HTTP request**. +## Automated Exploitation + +{% embed url="https://github.com/Ruulian/wconsole_extractor" %} + ## References * [**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)
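Review bot: The new `## Automated Exploitation` section consists only of `{% embed url="https://github.com/Ruulian/wconsole_extractor" %}`, with no sentence saying which technique on this page the tool automates or what it needs in order to work. Because the section lands directly after the paragraph on Unicode characters and `Connection: keep-alive`, a reader could assume it automates that behaviour. Please add a one-line description above the embed that names the technique it covers and its preconditions. The `{% embed %}` tag only renders in GitBook, so consider a plain markdown link next to it, in the style of the entries under `## References`, for readers viewing the raw file. The linked repository belongs to the patch author, so the description should also make clear that it is a third-party tool.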