HTTP Request Smuggling (CL.TE) - Helium

Program: Helium
Bug Type: HTTP request smuggling
Bounty: Unspecified
Date: 2020-05-07
http-request-smuggling http1.1-must-die desync

Summary

The researcher found an HTTP request smuggling (CL.TE) vulnerability in an application where the front end uses the Content-Length header and the back end uses the Transfer-Encoding header to decide where a request ends. The researcher successfully demonstrated the impact by showing that a victim could potentially be redirected to an attacker's website.
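A defender can check for the framing disagreement described above by flagging requests that a front end should reject or normalise under RFC 7230 section 3.3.3. This is an added example, not code from the report or from the Helium program; the function names, the host `app.example` and the sample requests are constructed for illustration.

```python
import re

def parse_head(raw: bytes):
    """Split a raw request into ([(name, value), ...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # skip the request line
    return [tuple(l.partition(b":")[::2]) for l in lines], body

def chunked_length(body: bytes):
    """Bytes a chunked decoder consumes, or None if malformed (trailers unsupported)."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return None
        tok = body[pos:eol].split(b";")[0].strip()
        if not re.fullmatch(rb"[0-9A-Fa-f]+", tok):
            return None
        size, pos = int(tok, 16), eol + 2
        if size == 0:
            return pos + 2 if body[pos:pos + 2] == b"\r\n" else None
        pos += size + 2

def framing_findings(raw: bytes):
    """Return reasons a request's body framing is ambiguous (empty list = clean)."""
    headers, body = parse_head(raw)
    cl = [v.strip() for n, v in headers if n.strip().lower() == b"content-length"]
    te = [(n, v) for n, v in headers if n.strip().lower() == b"transfer-encoding"]
    findings = []
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    # Conservative: anything other than exactly "chunked", or whitespace around name
    if any(n != n.strip() or v.strip().lower() != b"chunked" for n, v in te):
        findings.append("non-canonical Transfer-Encoding header")
    if cl and te and cl[0].isdigit():
        used = chunked_length(body)
        if used is not None and used != int(cl[0]):
            findings.append(f"parsers disagree: CL={int(cl[0])} chunked={used}")
    return findings

# Constructed sample requests (not taken from the report)
CLEAN = b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
AMBIGUOUS = (b"POST /api HTTP/1.1\r\nHost: app.example\r\nContent-Length: 6\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nX")

if __name__ == "__main__":
    for name, req in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(name, framing_findings(req))
```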

References