3 Videos for CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict

PRO
Tier
difficulty_medium_icon
Medium
clock icon
< 1 Hr.
number of users completed icon
920
badge icon
Orange Badge
image of exercise CVE-2016-5386: Introduction
play btn
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
CVE-2016-5386: Introduction

In this video, we cover the exercise CVE-2016-5386, also known as HTTPoxy, as part of the orange badge. The video explains how HTTP requests are processed by a web server and CGI, and how a Proxy header injection can exploit this to intercept requests.

video duration icon03:47 number of views icon1089

 

image of exercise CVE-2016-5386/HTTPoxy: exploitation
play btn
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
CVE-2016-5386/HTTPoxy: exploitation

In this video, we explore the CVE-2016-5386 vulnerability, also known as HTTPoxy, as part of the orange badge exercise. We demonstrate how to detect and exploit this vulnerability to gain unauthorized access.

video duration icon02:35 number of views icon1379

 

image of exercise CVE-2016-5386: Analysis
play btn
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
CVE-2016-5386: Analysis

In this video, we analyze CVE-2016-5386, a vulnerability affecting Golang's CGI implementation. This flaw allows the creation of an HTTP_PROXY environment variable, leading to unexpected behavior in HTTP clients.

video duration icon04:59 number of views icon121