webPromedium

Lab 275 — GatewayPulse — Proxy ACL Bypass via Path Case Normalization

hackadvisor

Task: nginx reverse proxy with case-sensitive location ACL blocking /admin/ endpoints in front of Express.js backend with case-insensitive routing. Solution: Path case normalization bypass — capitalize /Admin/flag to evade nginx ACL while Express still routes it to the admin handler.

$ ls tags/ techniques/

case_sensitivity nginx express acl_bypass reverse_proxy path_normalization honeypot_decoy proxy_backend_desync

anti_honeypot_awarenesspath_case_normalization_bypassnginx_case_sensitive_location_bypassproxy_backend_routing_desync

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 322 — NetPulse — IP Spoofing to RCE via Polling Agent API— hackadvisor
[web][Pro]Lab 248 — PulseBoard — Next.js Middleware Authorization Bypass— hackadvisor
[web][Pro]Lab 326 — PulseBoard — NoSQL Injection in Authentication— hackadvisor
[web][Pro]Lab 375 — PageFlow — Web Cache Deception via Path Normalization— hackadvisor
[web][Pro]Lab 120 — InfraPulse— hackadvisor