From f08a019ccc563369292c127898c993e86b34070f Mon Sep 17 00:00:00 2001 From: 0xn3va <0xn3va@MacBook-Pro.local> Date: Mon, 17 Jan 2022 18:04:04 +0300 Subject: [PATCH] Return markup back --- Web Application/Command Injection/README.md | 2 +- Web Application/HTTP Request Smuggling/README.md | 4 ++-- Web Application/Race Condition/README.md | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Web Application/Command Injection/README.md b/Web Application/Command Injection/README.md index 3f633e8..f0e8153 100644 --- a/Web Application/Command Injection/README.md +++ b/Web Application/Command Injection/README.md @@ -147,7 +147,7 @@ Open3.pipeline("os command here") ## List of commands -Combine the execution of multiple commands using the operators `;`, `&`, `&&`, or `||`, and optionally terminated by one of `;`, `&`, or `\\u006e`. +Combine the execution of multiple commands using the operators `;`, `&`, `&&`, or `||`, and optionally terminated by one of `;`, `&`, or `\n`. ```bash $ command1; command2 diff --git a/Web Application/HTTP Request Smuggling/README.md b/Web Application/HTTP Request Smuggling/README.md index 6cf1ff4..07102af 100644 --- a/Web Application/HTTP Request Smuggling/README.md +++ b/Web Application/HTTP Request Smuggling/README.md @@ -50,7 +50,7 @@ Host: vulnerable-website.com Generates 2 error `400 Bad Request`, because the second query is starting with `X-Foo: Bar` and that is an invalid first query line. -An invalid pipeline might look something like (as there is no `\r\\u006e` between the 2 queries): +An invalid pipeline might look something like (as there is no `\r\n` between the 2 queries): ```http GET / HTTP/1.1 
@@ -120,7 +120,7 @@ Whenever we find a way to hide the `Transfer-Encoding` header from one server in ## Chunked messages -A chunked message body consists of 0 or more chunks. Each chunk consists of the chunk size, followed by a newline `\r\\u006e`, followed by the chunk contents. The message is terminated with a chunk of size 0, followed by a newline `\r\\u006e`. Example: +A chunked message body consists of 0 or more chunks. Each chunk consists of the chunk size, followed by a newline `\r\n`, followed by the chunk contents. The message is terminated with a chunk of size 0, followed by a newline `\r\n`. Example: ```http POST / HTTP/1.1 diff --git a/Web Application/Race Condition/README.md b/Web Application/Race Condition/README.md index be4df92..fb411ae 100644 --- a/Web Application/Race Condition/README.md +++ b/Web Application/Race Condition/README.md 
@@ -36,10 +36,10 @@ If you send the following request from the command line: $ echo -ne "GET / HTTP/1.1\r\nHost: website.com\r\n\r\n" | nc website.com 80 ``` -then you will get a response since the HTTP request will be completed. But this will not happen if you remove the last `\\u006e` character, in this case, the server will wait for the last character before the timeout expires. +then you will get a response since the HTTP request will be completed. But this will not happen if you remove the last `\n` character, in this case, the server will wait for the last character before the timeout expires. {% hint style="info" %} -Many web servers use `\\u006e` as the line feed character, so it's important not to swap `\r` and ` \\u006e`, otherwise further tricks may not work +Many web servers use `\n` as the line feed character, so it's important not to swap `\r` and ` \n`, otherwise further tricks may not work {% endhint %} Thus, you can simultaneously open many connections to the server, send 99% of your HTTP request and, as soon as it becomes clear that the main part of the data has been sent, send the last byte or several bytes.
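Review bot: In the Command Injection hunk, the restored `\n` in "optionally terminated by one of `;`, `&`, or `\n`" can be read as the literal two-character sequence backslash-n, which a shell does not treat as a list terminator when typed. Suggest wording it as "or a newline (`\n`)" so it is clear that the terminator is the newline character itself.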
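Review bot: In the Chunked messages hunk of the HTTP Request Smuggling README, the corrected sentence still describes the framing incompletely. Per RFC 7230 section 4.1, the chunk contents are themselves followed by `\r\n`, and the zero-size chunk line is followed by an optional trailer section and a final `\r\n`, so a body without trailers ends in `0\r\n\r\n`. The rest of this page relies on exact byte boundaries, so suggest stating both the `\r\n` after each chunk's contents and the closing empty line.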
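Review bot: In the Race Condition hunk, the hint line still has a stray space inside the second code span, ` \n` in "not to swap `\r` and ` \n`", so it renders as a space followed by the escape rather than as the line feed alone. Suggest dropping the space so the pair reads `\r` and `\n`, and ending the sentence with a period while the line is being touched.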