Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

HTTP Request Smuggling

POC

Here are some good methods shared in the following posts:

- https://blog.cobalt.io/a-pentesters-guide-to-http-request-smuggling-8b7bf0db1f0
- https://medium.com/@knownsec404team/protocol-layer-attack-http-request-smuggling-cc654535b6f
- https://medium.com/cyberverse/http-request-smuggling-in-plain-english-7080e48df8b4
- https://memn0ps.github.io/2019/09/13/HTTP-Request-Smuggling-CL-TE.html

Impact

Low-Medium-High (depends on the attack)

Likelihood

Low-Medium-High (depends on the attack)