HTTP Request Smuggling – H2 CRLF Injection
In this next lab, we have to go a bit deeper into the differences between how HTTP/1.1 and HTTP/2 are[…]
Read more
Author: scomurr
HTTP Request Smuggling – HTTP/2 Downgrade Attack Part 2
In the previous lab we looked at a H2.TE vulnerability. To exploit, we needed to upgrade the request from HTTP/1.1[…]
Read more
HTTP Request Smuggling – HTTP/2 Downgrade Attack
This is a unique attack and takes advantage of an implementation that accepts HTTP/2 requests but then downgrades the requests[…]
Read more
HTTP Request Smuggling – Reflected XSS via Headers
In this post, we’re going to be looking at utilizing the headers within a smuggled request to fire a cross[…]
Read more
HTTP Request Smuggling – Stealing Session Cookies
We’re getting to the good stuff now! We’ve moved past theory again with this lab and now we’re using a[…]
Read more