Request smuggling on admin-official.line.me could lead to account takeover

Program: LY corporation Bug Type: HTTP request smuggling Bounty: Unspecified Date: 2019-11-18

http-request-smuggling http1.1-must-die desync

Summary

The researcher found an HTTP request smuggling (TE.CL) vulnerability in an application where the frontend uses Transfer encoding header and the backend uses Content Length.

References

https://hackerone.com/reports/740037

← Back to Reports