Vulnerabilities tagged 'research'

Exploiting URL Parsing Confusion Vulnerabilities

Different URL parsers may treat mistakes in a URL differently, leading to behaviour differences that can be exploited. This research paper focused on five potential areas where parsers disagreed on how to understand the URL.

 

HTTP Header Smuggling Attacks Against AWS API Gateway

First, what is header smuggling? The idea of header smuggling is to create a request whose headers will be parsed differently by different servers in the potential chain of proxies it passes through. For example, one server might simply scan for the header starting with “Content-Length” to find the content length header, ignoring that it is actually Content-Length abcd: [value]