-
|
Hi, I can see that we can send hexadecimal characters in request body using the hex_decode, but when I try to use this function in a header value - for example the Referer header, I get error saying 'Could not execute request for ... net/http: invalid header field value for "Referer"' |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
|
@xqd-ai do you have example template to share? |
Beta Was this translation helpful? Give feedback.
-
|
@ehsandeep This template, just copied the '{{hex_decode('630200480004')}}' line from body and added it in Referer header, you will get the error |
Beta Was this translation helpful? Give feedback.
-
|
@xqd-ai, you need to use id: CVE-2020-15505
info:
name: MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
author: dwisiswant0
severity: critical
requests:
- raw:
- |
POST /mifs/.;/services/LogService HTTP/1.1
Host: {{Hostname}}
Referer: {{hex_decode('630200480004')}}
Content-Type: x-application/hessian
Connection: close
{{hex_decode('630200480004')}}
unsafe: true |
Beta Was this translation helpful? Give feedback.
-
|
@ehsandeep Great! it worked! Thank you so much! |
Beta Was this translation helpful? Give feedback.
@xqd-ai, you need to use
unsafe: trueto send malformed headers, for example -