CVE-2021-40346 PoC — Haproxy HAProxy 输入验证错误漏洞

Source

https://github.com/donky16/CVE-2021-40346-POC

Associated Vulnerability

Title:Haproxy HAProxy 输入验证错误漏洞 (CVE-2021-40346)
Description:Haproxy HAProxy是法国HAProxy（Haproxy）公司的一款开源的TCP/HTTP负载均衡服务器。该服务器提供4层、7层代理，并能支持上万级别的连接，具有高效、稳定等特点。 HAProxy 存在输入验证错误漏洞，该漏洞源于 HAProxy 中的 htx_add_header() 和 htx_add_trailer() 函数中缺少标头名称长度检查可能会导致请求走私攻击或响应拆分攻击。

Description

CVE-2021-40346 integer overflow enables http smuggling

Readme

# CVE-2021-40346-POC #

CVE-2021-40346 integer overflow enables http smuggling

整数溢出导致的http请求走私

中文分析：[HAProxy请求走私漏洞（CVE-2021-40346）分析](https://forum.butian.net/share/694)

Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/

## Build ##
```sh
git clone https://github.com/donky16/CVE-2021-40346-POC.git
cd CVE-2021-40346-POC 
docker-compose build 
docker-compose up -d
```
## Exploit ##

![image-20210910162235855](ReadMe.assets/image-20210910162235855.png)

File Snapshot


 [4.0K]  /data/pocs/416b2bcf95d4861702c555fbff7e21ba5fbae5d0
├── [4.0K]  config
│   └── [ 312]  haproxy.cfg
├── [ 201]  docker-compose.yml
├── [ 239]  Dockerfile
├── [ 11K]  LICENSE
├── [ 292]  main.py
├── [ 413]  payload
├── [4.0K]  ReadMe.assets
│   └── [ 20K]  image-20210910162235855.png
└── [ 605]  README.md

2 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!