From b0c8b74e63fd99148ad4c7c5383de968fcdfc6b5 Mon Sep 17 00:00:00 2001 From: luissaiz Date: Fri, 29 Nov 2019 11:56:14 +0100 Subject: [PATCH] Update index.rst (#97) --- docs/source/examples/index.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/examples/index.rst b/docs/source/examples/index.rst index 7a75c60..a14445f 100644 --- a/docs/source/examples/index.rst +++ b/docs/source/examples/index.rst @@ -381,14 +381,14 @@ In this example, an attacker can inject arbitrary parameters to ``ls``. ls $(kapow get /request/matches/value) | kapow set /response/body EOF -Exploding using curl: +Exploiting using curl: .. code-block:: console :linenos: $ curl "http://localhost:8080/vulnerable/-li%20hello" -**This examples is NOT VULNERABLE to parameter injection** +**This example is NOT VULNERABLE to parameter injection** Be aware of how we add double quotes when we recover *value* data from the request: