Skip to content

Commit 79ffbd9

Browse files
RuulianRuulian
committed
Add Werkzeug Automated Exploitation
1 parent 62b192c commit 79ffbd9

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

network-services-pentesting/pentesting-web/werkzeug.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -176,6 +176,10 @@ As observed in [**this issue**](https://github.com/pallets/werkzeug/issues/2833)
176176

177177
This is because, In Werkzeug it's possible to send some **Unicode** characters and it will make the server **break**. However, if the HTTP connection was created with the header **`Connection: keep-alive`**, the body of the request won’t be read and the connection will still be open, so the **body** of the request will be treated as the **next HTTP request**.
178178

179+
## Automated Exploitation
180+
181+
{% embed url="https://github.com/Ruulian/wconsole_extractor" %}
182+
179183
## References
180184

181185
* [**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)

0 commit comments

Comments
 (0)