File tree 2 files changed +19
-0
lines changed
pentesting/pentesting-web
2 files changed +19
-0
lines changed Original file line number Diff line number Diff line change 181181* [ 69/UDP TFTP/Bittorrent-tracker] ( pentesting/69-udp-tftp.md )
182182* [ 79 - Pentesting Finger] ( pentesting/pentesting-finger.md )
183183* [ 80,443 - Pentesting Web Methodology] ( pentesting/pentesting-web/README.md )
184+ * [ Golang] ( pentesting/pentesting-web/golang.md )
184185 * [ Uncovering CloudFlare] ( pentesting/pentesting-web/uncovering-cloudflare.md )
185186 * [ Laravel] ( pentesting/pentesting-web/laravel.md )
186187 * [ Code Review Tools] ( pentesting/pentesting-web/code-review-tools.md )
Original file line number Diff line number Diff line change 1+ # Golang
2+
3+ ### CONNECT method
4+
5+ In golang, the library net/http usually transforms the path to a canonical one before accessing it:
6+
7+ * /flag/ -- Is responded with a redirect to /flag
8+ * /../flag --- Is responded with a redirect to /flag
9+ * /flag/. -- Is responded with a redirect to /flag
10+
11+ However, when the CONNECT method is used this doesn't happen. So, if you need to access some protected resource you can abuse this trick:
12+
13+ ``` text
14+ curl --path-as-is -X CONNECT http://gofs.web.jctf.pro/../flag
15+ ```
16+
17+ [ https://github.com/golang/go/blob/9bb97ea047890e900dae04202a231685492c4b18/src/net/http/server.go\#L2354-L2364 ] ( https://github.com/golang/go/blob/9bb97ea047890e900dae04202a231685492c4b18/src/net/http/server.go#L2354-L2364 )
18+
You can’t perform that action at this time.
0 commit comments