Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

HTTP-Request-Smuggling/README.md

@@ -0,0 +1,41 @@
+# HTTP Request Smuggling
+
+## Description
+HTTP Request Smuggling occurs when the front-end and back-end servers disagree about where one request ends and the next begins. This vulnerability allows attackers to bypass security controls, gain unauthorized access, and poison web caches.
+
+## Vulnerability Types
+- **CL.TE** - Content-Length vs Transfer-Encoding
+- **TE.CL** - Transfer-Encoding vs Content-Length
+- **TE.TE** - Transfer-Encoding obfuscation
+- **CL.CL** - Duplicate Content-Length headers
+
+## Common Attack Vectors
+- Front-end/Back-end server desynchronization
+- Load balancer misconfigurations
+- Reverse proxy issues
+- CDN edge servers
+- WAF bypass
+
+## Impact
+- Bypass security controls
+- Web cache poisoning
+- Cross-site scripting
+- Request hijacking
+- Credential theft
+- Access other users' requests
+
+## Testing Approach
+1. Send requests with conflicting Content-Length and Transfer-Encoding headers
+2. Observe timing differences and response variations
+3. Test with different header obfuscation techniques
+4. Verify if smuggled requests affect subsequent requests
+
+## Common Vulnerable Configurations
+- HAProxy + Apache
+- Nginx + Apache
+- AWS ALB + various backends
+- Akamai + various backends
+- Cloudflare + various backends
+
+## Payloads
+See `http-request-smuggling-payloads.txt` for a comprehensive list of HTTP Request Smuggling payloads.