Original Post: HTTP Request Smuggling on business.apple.com and Others.
This vulnerability was analyzed during Episode 135 on 11 April 2022.
A somewhat traditional CL.TE request smuggling attack on a few of Apple's domains. The main trick with this one was to place a \n in the Transfer-Encoding header name, so the full header was Transfer-Encoding\n : chunked. This allowed the TE header to be smuggled through any checks on the frontend and still be parsed by the backend server.
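The parsing mismatch described above, and the strict field-name check that closes it, as an added example that is not code from the original post. The function names, the sample request and the two parser models (exact-match frontend, whitespace-trimming backend) are assumptions made for illustration.

```python
import re

# RFC 9110 "token": the only characters permitted in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample header block: LF and space sit between the name and the colon.
SAMPLE = (b"Host: example.test\r\n"
          b"Content-Length: 4\r\n"
          b"Transfer-Encoding\n : chunked\r\n")

def split_fields(raw_block):
    """Split a header block on CRLF only, then each line on its first colon."""
    fields = []
    for line in raw_block.split(b"\r\n"):
        if line:
            name, _, value = line.partition(b":")
            fields.append((name, value.strip(b" \t")))
    return fields

def frontend_sees_te(fields):
    """Assumed frontend model: exact, case-insensitive name comparison."""
    return any(n.lower() == b"transfer-encoding" for n, _ in fields)

def backend_sees_te(fields):
    """Assumed backend model: trims whitespace around the name first."""
    return any(n.strip().lower() == b"transfer-encoding" for n, _ in fields)

def validate_fields(fields):
    """Return reasons to reject the request; an empty list means accept."""
    problems, names = [], []
    for name, value in fields:
        # fullmatch, not match: a '$' anchor would tolerate a trailing LF.
        if not TOKEN.fullmatch(name):
            problems.append("invalid field name: %r" % name)
        if any(c in value for c in (b"\r", b"\n", b"\0")):
            problems.append("control character in value of %r" % name)
        names.append(name.strip().lower())
    # Normalise before the ambiguity check so an obfuscated name still counts.
    if b"content-length" in names and b"transfer-encoding" in names:
        problems.append("both Content-Length and Transfer-Encoding present")
    return problems

if __name__ == "__main__":
    fields = split_fields(SAMPLE)
    print("frontend sees TE:", frontend_sees_te(fields))
    print("backend sees TE: ", backend_sees_te(fields))
    for reason in validate_fields(fields):
        print("reject:", reason)
```

Rejecting the request outright with a 400 is safer than stripping the bad characters and forwarding it, since any normalisation step is another place where the two servers can disagree.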