Request Smuggling
Request Smuggling is a request that is interpreted as two by the back-end while the others only saw one request.
This often works by injecting something in the HTTP Headers.
One specific sub-attack is called CRLF Injection. For instance, it may be used to corrupt logs by inserting malicious logs.
Another kind of attack exploiting HTTP Headers is called Verb Tampering. If the webserver is misconfigured or the code contains logic flaws, another HTTP method might be accepted while we are denied access with the 'intended' HTTP methods.
-
Ex: A website expecting a POST request but using
$_REQUEST
may be vulnerable to injection using GET (Refer to Logic Flaws) -
Ex: A website using
.htaccess
to request a password might be misconfigured and bypassed usingGETS
orPUT
etc.
π» To-do π»
Stuff that I found, but never read/used yet.