Type your comment> @commercialeer said:
I’ve found the script, but I’m not entirely certain what it does. I am not looking for the answer so much as a nudge as to what I should be researching next. I have some small understanding of the language, but could use a little help on how to understand constructing an input that triggers an unwanted response from the server. Have tried a few random curls to see if something interesting happens, but no dice.
If you talking about first script (from web server) - look for comments in code from author, if developer does not particularly understand how something should be done, then this something have high probability of being vulnerable.
And you can look at how to make HTTP requests with python requests lib, it is doing some staff for you, so you can input raw (no encoding) uri’s and they will be properly understood by this server.