HTTP Request Smuggling on business.apple.com and Others. ($36000 USD)

We discussed this vulnerability during Episode 135 on 11 April 2022

Somewhat traditional CE.TE request smuggling attack on a few of Appleā€™s domains. The main trick with this one was to place a \n in the Transfer-Encoding header name. So the full header being Transfer-Encoding\n : chunked This allowed the TE header to be smuggled through any checks on the frontend and still be parsed by the backend server.