writeups.xyz writeups.xyz / HTTP Request Smuggling

Title Vulnerabilities Programs Authors
Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies
Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites
Making desync attacks easy with TRACE
HTTP is dead... Long live HTTP?!
From Akamai to F5 to NTLM... with love.
Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747
DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution
ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal
Abusing Client-Side Desync on Werkzeug
CVE 2023 25690 - Proof of Concept
http: properly reject empty http header field names
The easiest way I used to bypass an admin panel
Client Side Desync Attack (CL.0 Request Smuggling) — Bounty of $150
My First Critical Bug In HackerOne Platform
CVE-2022-35256 - HTTP Request Smuggling in NodeJS
Making HTTP header injection critical via response queue poisoning
How an Akamai misconfiguration earned us USD 46.000
HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites
How to turn security research into profit: a CL.0 case study
FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies
Advanced Inter-Process Desynchronization in SAP’s HTTP Server
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
HTTP Request Smuggling on business.apple.com and Others.
HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations
ICMAD SAP Vulnerabilities (CVE-2022-22536, CVE-2022-22532 & CVE-2022-22533)