Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability
Lab doesn't seem to be working for me, even when I follow the solution. Getting timeout errors. This is what I'm trying to use, host URL is correct, target is correct, update content length is not checkmarked, and keep getting time out error after 10000ms. Having similar issues in other labs of this category.
POST / HTTP/1.1
POST /admin HTTP/1.1
I have just worked through this lab and was able to solve it using the instructions provided.
Have you added two carriage returns (pressing the Enter key twice) after the final 0 in the request that you have created in Burp Repeater? This is specified in the solution but some people do miss it.
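Why the ending after the final 0 matters, as an added example that is not part of the original thread: under chunked framing a body is only finished once the zero-size chunk is followed by an empty line, so a parser that has not seen it keeps waiting for more data. The function name and the sample bodies are constructed for illustration.

```python
HEX_DIGITS = b"0123456789abcdefABCDEF"

def chunked_body_status(body: bytes) -> str:
    """Classify a chunked message body as 'complete', 'incomplete' or 'malformed'."""
    pos = 0
    # Chunks: <hex size>[;extension] CRLF <data> CRLF, ending with a zero-size chunk.
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            return "incomplete"      # size line not terminated yet: keep waiting
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            return "malformed"       # size must be plain hexadecimal digits
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break                    # last chunk reached
        if len(body) < pos + size + 2:
            return "incomplete"      # chunk data or its CRLF has not arrived
        if body[pos + size:pos + size + 2] != b"\r\n":
            return "malformed"       # data length does not match the declared size
        pos += size + 2
    # After the zero-size chunk: optional trailer fields, then one empty line.
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            return "incomplete"      # the terminating empty line is missing
        if eol == pos:
            return "complete"
        pos = eol + 2                # skip a trailer field line

if __name__ == "__main__":
    # Constructed sample bodies, not taken from the lab.
    samples = {
        "terminated": b"5\r\nhello\r\n0\r\n\r\n",
        "one CRLF after 0": b"5\r\nhello\r\n0\r\n",
        "nothing after 0": b"5\r\nhello\r\n0",
    }
    for label, sample in samples.items():
        print(f"{label}: {chunked_body_status(sample)}")
```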
Turns out, I thought that admin panel access would be reflected on the admin webpage. Turns out it wasn't. You just had to assume you had admin access, since no errors were returned. I went ahead and ran the code to delete Carlos and it went through!
I am glad that you were able to solve your issue.
Please let us know if you need any further assistance with anything in the future.