Dark-Alex-17/kapow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update index.rst (#97)

Browse Source
This commit is contained in:
luissaiz
2019-11-29 11:56:14 +01:00
committed by pancho horrillo
parent 2e1455cb61
commit b0c8b74e63
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/source/examples/index.rst
+2 -2
View File
@@ -381,14 +381,14 @@ In this example, an attacker can inject arbitrary parameters to ``ls``.
ls $(kapow get /request/matches/value) | kapow set /response/body ls $(kapow get /request/matches/value) | kapow set /response/body
EOF EOF
Exploding using curl: Exploiting using curl:
.. code-block:: console .. code-block:: console
:linenos: :linenos:
$ curl "http://localhost:8080/vulnerable/-li%20hello" $ curl "http://localhost:8080/vulnerable/-li%20hello"
**This examples is NOT VULNERABLE to parameter injection** **This example is NOT VULNERABLE to parameter injection**
Be aware of how we add double quotes when we recover *value* data from the Be aware of how we add double quotes when we recover *value* data from the
request: request: