mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00

Files

T

copilot-swe-agent[bot] 68b76036df Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-05 14:50:15 +00:00

1.3 KiB

Raw Permalink Blame History

HTTP Request Smuggling

Description

HTTP Request Smuggling occurs when the front-end and back-end servers disagree about where one request ends and the next begins. This vulnerability allows attackers to bypass security controls, gain unauthorized access, and poison web caches.

Vulnerability Types

CL.TE - Content-Length vs Transfer-Encoding
TE.CL - Transfer-Encoding vs Content-Length
TE.TE - Transfer-Encoding obfuscation
CL.CL - Duplicate Content-Length headers

Common Attack Vectors

Front-end/Back-end server desynchronization
Load balancer misconfigurations
Reverse proxy issues
CDN edge servers
WAF bypass

Impact

Bypass security controls
Web cache poisoning
Cross-site scripting
Request hijacking
Credential theft
Access other users' requests

Testing Approach

Send requests with conflicting Content-Length and Transfer-Encoding headers
Observe timing differences and response variations
Test with different header obfuscation techniques
Verify if smuggled requests affect subsequent requests

Common Vulnerable Configurations

HAProxy + Apache
Nginx + Apache
AWS ALB + various backends
Akamai + various backends
Cloudflare + various backends

Payloads

See http-request-smuggling-payloads.txt for a comprehensive list of HTTP Request Smuggling payloads.

1.3 KiB Raw Permalink Blame History