Форум АНТИЧАТ - Http request smuggling

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)

- Forum for discussion of ANTICHAT (https://forum.antichat.xyz/forumdisplay.php?f=72)

- - Http request smuggling (https://forum.antichat.xyz/showthread.php?t=9973)

Http request smuggling

Hi,
I found a site vulnerable to http request smuggling it runs an apache server. I have been looking up information on this all day yet the stuff that i find doesent explain it verry well! i know that it has to be sent to the site through packets but what i dont understand is how could i use

Код:

Code:

1 POST /some_script.jsp HTTP/1.0

2 Connection: Keep-Alive

3 Content-Type: application/x-www-form-urlencoded

4 Content-Length: 9

5 Content-Length: 204

6

7 this=thatPOST /vuln_page.jsp HTTP/1.0

8 Content-Type: application/x-www-form-urlencoded

9 Content-Length: 95

10

11 param1=value1&data=<script>alert("stealing%20your%20data:"%

2bdocument.cookie)</script>&foobar=

Now i know that does xss but how would i get that to redirect to my cookie stealer. also would that be what im looking for if i want to exploit the server ? well thank you for spending the time to read this (and i did check google for the information, but it didnt sufice)
sincerly
Crimson-Jolt

ps im using inet crack for spoofing

[/code]

$date put in cookie?

I dont understand either of your post's can you elaborate more........
thanks

Sorry my English is bad))
So if $data take in cookie,then http request smuggling maybe done
You can translate this Russian sentensis:
Если переменная $data берется из cookies,то http request smuggling может получится.

if variable $data you take from cookie, then.... =)

as i know this bug is very stupid=) i found one day this bug in one script, and i couldn`t do something except giving me cookie by server named as i wanted=) there in docs were something that we could set header location or something like that..

this bug is called HTTP Response splitting...