The code example below is vulnerable to ProxyNotShell:

```java
import java.net.URL;
import java.net.URLConnection;

public class Example {
    public static void main(String[] args) {
        try {
            URL url = new URL("https://www.example.com");
            URLConnection connection = url.openConnection();
            // Vulnerable: sets the Proxy-Connection header on the outgoing request
            connection.setRequestProperty("Proxy-Connection", "open");
            connection.connect();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
The request sets the Proxy-Connection header, which can be used to bypass security restrictions and execute arbitrary commands on the server. An attacker could set the Proxy-Connection header to a specially crafted value that includes malicious code, which could then be executed on the server.
Remove the Proxy-Connection header from the request, since it is not necessary for the connection to the remote server:

```java
import java.net.URL;
import java.net.URLConnection;

public class Example {
    public static void main(String[] args) {
        try {
            URL url = new URL("https://www.example.com");
            URLConnection connection = url.openConnection();
            // Fixed: no Proxy-Connection header is set before connecting
            connection.connect();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```