If you try to run simple_http on port 8080 and visit "127.0.0.1:8080/fap=432%424" it's going to crash. This is due to the overridden log_message which thinks the "%424" needs to turn into arguments in the "message % args" part of the log.
The solution can be to .replace("%", "%%") in log_request(), thus escaping the formatting.
(While I'm not versed in Python attacks, in C/C++ this would be a real vulnerability)
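Added example, not code from the simple_http project: a minimal model of the logging path the issue describes, showing the failure, the `.replace("%", "%%")` fix proposed above, and an alternative that keeps request data out of the format string entirely. The class names, `try_log` and the sample request lines are hypothetical and constructed; the example goes beyond the single URL in the issue by trying a few other `%` shapes.

```python
import io

class BaseLogger:
    """Hypothetical stand-in for a handler whose log_message() does 'message % args'."""
    def __init__(self):
        self.out = io.StringIO()

    def log_message(self, message, *args):
        # The formatting step named in the issue.
        self.out.write(message % args + "\n")

class VulnerableLogger(BaseLogger):
    def log_request(self, requestline, code):
        # Untrusted request text becomes part of the format string itself.
        self.log_message('"' + requestline + '" ' + str(code))

class EscapingLogger(BaseLogger):
    def log_request(self, requestline, code):
        # Fix proposed in the issue: double every '%' before formatting.
        self.log_message('"' + requestline.replace("%", "%%") + '" ' + str(code))

class ArgumentLogger(BaseLogger):
    def log_request(self, requestline, code):
        # Alternative: constant format string, request data only as arguments.
        self.log_message('"%s" %s', requestline, code)

def try_log(logger_cls, requestline, code=200):
    """Return the logged line, or the exception class name if formatting failed."""
    logger = logger_cls()
    try:
        logger.log_request(requestline, code)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__
    return logger.out.getvalue().rstrip("\n")

# Constructed request lines: the one from the issue plus other '%' shapes.
SAMPLES = [
    "GET /fap=432%424 HTTP/1.1",
    "GET /a%20b HTTP/1.1",
    "GET /x%s%s HTTP/1.1",
    "GET /plain HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for cls in (VulnerableLogger, EscapingLogger, ArgumentLogger):
            print(f"{cls.__name__:16} {line!r:32} -> {try_log(cls, line)}")
```

Passing the request line as an argument to a constant format string avoids having to remember the escape at every call site that logs client-supplied text.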