azurit

Results 279 comments of azurit

@touchweb-vincent As you don't want to explain yourself, I can only guess what you are up to. So, see this:

```
$ curl --http2 -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level:4" "http://sandbox.coreruleset.org/"...
```

Of course I also tested it on a real server. What I said is correct.

```
$ curl "https://***/test.php" -d '{"id_order":"select(sleep(10));"}'
Array
(
    [{"id_order":"select(sleep(10));"}] =>
)
$ curl "https://***/test.php" -d '{"id_order":"select(sleep(10));"}' -H 'Content-Type:'
Array
(
)
$ curl "https://***/test.php" -d '{"id_order":"select(sleep(10));"}' -H 'Content-Length:'
Array
(...
```

I did exactly the same as you. If not, then you are not clear enough in what you are up to, as I have said (X times) already.

Explain what is wrong/different with my tests.

So tell me the difference. Do you mean the `--http2` switch?

Because there is no difference if I use `-H 'Content-Type:'` and `-H 'Content-Length:'` together or not. But here you go:

```
$ curl "https://***/test.php" -d '{"id_order":"select(sleep(10));"}' --http2 -H 'Content-Length:' -H...
```

```
$ curl "https://***/test.php" -d '{"id_order":"select(sleep(10));"}' --http2
Array
(
    [{"id_order":"select(sleep(10));"}] =>
)
```

Debian 11, Apache 2.4.65, curl 7.74.0. No proxy.

> For the POC to work, HTTP/2 must be handled properly - are you sure the server accepts it and is capable of processing it?

Just noticed I used different...