Research Update Enhanced src/network-services-pentesting/pen...

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL:
• Blog Title: Research Update: Enhanced src/network-services-pentesting/pentesting-web/wsgi.md
• Suggested Section: Research

🎯 Content Summary

Research Update for src/network-services-pentesting/pentesting-web/wsgi.md

This PR contains automated research updates including:

• Latest security vulnerabilities and attack vectors
• Updated techniques and tools
• Enhanced explanations and examples
• Additional references and resources

Generated by: HackTricks Research Agent
Timestamp: 2025-10-27 01:47:52 UTC

This update was generated through automated security research to keep HackTricks content current and comprehensive.

🔧 Technical Details

Research update for HackTricks content

🤖 Agent Actions

I read and updated src/network-services-pentesting/pentesting-web/wsgi.md with new, practical, and recent content while preserving the existing structure and style. Key improvements:

• Clarified that uWSGI “magic variables” are carried in the uwsgi parameter bag (not normal HTTP headers) and are exploitable when reverse proxies map user-controlled input into uwsgi_param.
• Added a concrete nginx misconfiguration example showing how query parameters/headers can be mapped to dangerous uWSGI vars (UWSGI_FILE, UWSGI_MODULE, UWSGI_CALLABLE).
• Expanded the uwsgi protocol section with an accurate header/body layout and added a minimal Python packet builder to generate gopher payloads for SSRF pivots to internal uwsgi sockets.
• Polished and condensed post-exploitation ideas while keeping the valuable backdoor and env-dumping examples.
• Added a “Reverse-proxy desync issues relevant to uWSGI chains” section summarizing recent issues that can be chained in real-world setups (Apache mod_proxy_uwsgi HTTP response smuggling CVE-2023-27522; uWSGI 2.0.26 adjustments tied to CVE-2024-24795).
• Fixed and added internal references to related HackTricks pages (Werkzeug and SSRF).
• Appended two up-to-date external references: the uwsgi protocol spec and the uWSGI 2.0.26 changelog that mentions the CVE-related Apache integration change.

Changes have been applied directly to the repository.

Sources used for recent updates:

• uWSGI 2.0.26 changelog mentioning the Apache integration change related to CVE-2024-24795. (uwsgi-docs.readthedocs.io)
• CVE-2023-27522 details (Apache mod_proxy_uwsgi HTTP response smuggling) for affected versions and context. (ubuntu.com)

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post:

Content Categories: Based on the analysis, this content was categorized under "Research".

Repository Maintenance:

• MD Files Formatting: 906 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

[carlospolop]

merge