CVE-2022-29361 PoC — Pallets Werkzeug 环境问题漏洞

Source

https://github.com/l3ragio/CVE-2022-29361_Werkzeug_Client-Side-Desync-to-XSS

Associated Vulnerability

Title:Pallets Werkzeug 环境问题漏洞 (CVE-2022-29361)
Description:Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

Readme

Credits to @kevin-mizu

https://github.com/kevin-mizu/Werkzeug-CVE-2022-29361-PoC/tree/main

for details read:
https://mizu.re/post/abusing-client-side-desync-on-werkzeug

Tested On Chromium 119.0.6045.123 built on Debian trixie/sid, running on Debian kali-rolling

File Snapshot


 [4.0K]  /data/pocs/d7754c752c1abe70218146bef416d5465a7b70a9
├── [ 147]  docker-compose.yaml
├── [1.0K]  LICENSE
├── [ 265]  README.md
├── [4.0K]  rogue
│   ├── [ 399]  Dockerfile
│   ├── [ 177]  pyvenv.cfg
│   └── [4.0K]  src
│       ├── [   5]  requirements.txt
│       └── [ 802]  rogue_server.py
└── [4.0K]  vuln
    ├── [ 404]  Dockerfile
    └── [4.0K]  src
        ├── [  28]  requirements.txt
        └── [ 275]  vulnerable_server.py

4 directories, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!