image Get the whitepaper, toolkits & remediation guides → http1mustdie.com

Lab: 0.CL request smuggling

This lab is vulnerable to 0.CL request smuggling.

Carlos visits the homepage every five seconds. To solve the lab, exploit the vulnerability to execute alert() in his browser.

Required knowledge

This lab is based on real-world vulnerabilities discovered by PortSwigger Research. For full details on 0.CL request smuggling, see the HTTP/1.1 Must Die whitepaper by James Kettle.

Solution

We're providing a live walkthrough for this lab. Join James Kettle on 15 August at 11AM PT as he solves it using advanced 0.CL request smuggling techniques.

A recording of the session will be published here afterwards.