We're providing a live walkthrough for this lab. Join James Kettle on 15 August at 11AM PT as he solves it using advanced 0.CL request smuggling techniques.
A recording of the session will be published here afterwards.
This lab is vulnerable to 0.CL request smuggling.
Carlos visits the homepage every five seconds. To solve the lab, exploit the vulnerability to execute alert()
in his browser.
This lab is based on real-world vulnerabilities discovered by PortSwigger Research. For full details on 0.CL request smuggling, see the HTTP/1.1 Must Die whitepaper by James Kettle.