writeups.xyz / How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

Submitter : c2a

Date: 25 May 2020

Bounty : undisclosed

Vulnerabilities :

• HTTP Request Splitting
• SSRF
• CRLF Injection
• RCE

Programs :

• Uber

Authors :

• Andrey Abakumov (@Andrewaeva)

Link :
https://andrei-abakumov.medium.com/how-dangerous-is-request-splitting-a-vulnerability-in-golang-or-how-we-found-the-rce-in-portainer-7339ba24c871