CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

Bookmarked!

This exercise covers the exploitation of HTTPoxy against an old version of Golang

PRO Medium < 1 Hr. 942 Orange Badge

Course

This lab covers the exploitation of CVE-2016-5386, a vulnerability in older versions of the Golang HTTP library when used as a CGI. By manipulating the <code>Proxy:</code> header, an attacker can force the CGI to connect to a malicious proxy.

Skills covered

Injection Client Side Network

CWE-284

Included with PRO

Full course content 3 videos Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account