HTTP request smuggling exploits discrepancies between how frontend servers (load balancers, CDNs, proxies) and backend servers parse HTTP requests, particularly the Content-Length and Transfer-Encoding headers. A successful attack can bypass security controls, access other users' requests, poison web caches, and in some cases achieve remote code execution. Testing involves sending specially crafted requests with conflicting Content-Length and Transfer-Encoding headers to identify CL.TE, TE.CL, and TE.TE desynchronisation vulnerabilities.
HTTP Request Smuggling: Exploiting Discrepancies Between Frontend and Backend Servers for Spanish-Speaking Companies
Request smuggling exploits differences in how frontend and backend servers parse HTTP requests. It is a sophisticated attack with severe impact. Guidance for the ES market.
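The parsing discrepancy described above disappears when the frontend refuses any request whose framing headers can be read two ways. The following is an added example, not code from the original page: a Python check over a raw request head that flags the ambiguous Content-Length and Transfer-Encoding combinations behind CL.TE, TE.CL and TE.TE. The function name, the "exact `chunked` only" policy and the sample requests are assumptions made for illustration.

```python
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 9110 header-name token

def framing_issues(raw: bytes) -> list[str]:
    """Return the reasons a frontend should reject this request head as ambiguous."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    issues, cl, te = [], [], []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if "\r" in line or "\n" in line:
            issues.append("bare CR or LF inside header line")
        if line[:1] in (" ", "\t"):
            issues.append("obsolete line folding")
            continue
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            issues.append(f"malformed header name {name!r}")
        # Normalise the way a lenient parser might, so the header still counts below.
        lname, value = name.strip().lower(), value.strip(" \t")
        if lname == "content-length":
            cl.append(value)
        elif lname == "transfer-encoding":
            te.append(value)
    if cl and te:
        issues.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not re.fullmatch(r"[0-9]+", v) for v in cl):
        issues.append("non-numeric Content-Length")
    # Assumed policy: accept only a single, exact "chunked" coding.
    if len(te) > 1 or any(v.lower() != "chunked" for v in te):
        issues.append("unexpected Transfer-Encoding value")
    return issues

# Constructed request heads (not captured traffic).
CLEAN = b"POST /login HTTP/1.1\r\nHost: app.example\r\nContent-Length: 11\r\n\r\n"
BOTH = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
        b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n")
VARIANT_TE = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
              b"Transfer-Encoding : chunked\r\nTransfer-Encoding: identity\r\n\r\n")
DUP_CL = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 5\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("both", BOTH),
                       ("variant TE", VARIANT_TE), ("duplicate CL", DUP_CL)]:
        print(f"{label}: {framing_issues(req) or 'ok'}")
```

Rejecting at the frontend, rather than normalising and forwarding, is what removes the disagreement: the backend never sees a request that two parsers could frame differently.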