HTTP Request Smuggling

This happens when there is a confusion between frontend(ex:apache/nginx) & backend on which header to prioritize between content-length & transfer-encoding. Best Explaination - https://www.youtube.com/watch?v=mijOcGLneLU Impact - Self XSS to Refected, Open Redirect, Somecases Credential Theft.

Remediation - Both Frontend & Backend must prioritize same headers.

PreviousCookie SecurityNextXXE Cheatsheet

Last updated