[New Trends in Web Application Security] HTTP Desync Attacks: Request Smuggling
Main text
Original article
https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
Xianzhi Community
https://xz.aliyun.com/t/5978
Blackhat USA 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#http-desync-attacks-smashing-into-the-cell-next-door-15153
HTTP Request Smuggling Attacks – 艾斯泽 – Cnblogs
https://www.cnblogs.com/icez/p/web-security-request-smuggling.html
Real-world vulnerability case
https://hackerone.com/reports/737140
Related tools
https://github.com/PortSwigger/http-request-smuggler
CVE case
https://nvd.nist.gov/vuln/detail/CVE-2019-17559
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E