HTTP Request Smuggling–H2 CRLF Header Injection Part 2
In the previous post, we looked at an HTTP/2 downgrade attack where we injected CRLF characters into a header and that allowed us to smuggle the Transfer-Encoding header through the H2 frontend. If the Transfer-Encoding header was provided as a…