HTTP Request Smuggling – HTTP/2 Request Tunnelling
Time for another one of the advanced labs on the PortSwigger Web Security Academy. For this lab, we are dealing[…]
Read more
Author: scomurr
HTTP Request Smuggling – Web Cache Poisoning for Deception
This lab is a bit similar to the last, however, it has a completely different purpose. In the previous, we[…]
Read more
HTTP Request Smuggling – Web Cache Poisoning
This lab is a lot of fun and requires chaining together techniques to fully exploit. First, we have to identify[…]
Read more
HTTP Request Smuggling – Admin Access via CL.0 Vulnerability
This next lab represents an interesting vulnerability where specific paths/routes within an application are vulnerable to desync when there is[…]
Read more
HTTP Request Smuggling–H2 CRLF Header Injection Part 2
In the previous post, we looked at an HTTP/2 downgrade attack where we injected CRLF characters into a header and[…]
Read more