CTF
/
path-normalization-bypasses
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added Spring Boot bypasses that still work

This commit is contained in:
dub-flow 2024-05-16 14:02:02 +02:00
parent 8a87426f05
commit 1cb1550a8d
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -28,3 +28,8 @@ This repository contains different scenarios for bypassing 403s leverage path no
### Java (Spring Boot) ### Java (Spring Boot)
* Working bypass on `nginx@1.25.5`: We can access the `/admin` page by visiting `GET /admin;` (no fancy hex here, literally just a `;`)
* Working bypasses on `nginx@1.20.2`
- `GET /admin;` also works here
- Moreover, `GET /admin\x09` (fancy hex character again!) works