What is HTTP Request Smuggling and HTTP/2 Downgrading?

Have you heard of the term HTTP Request Smuggling? What about HTTP/2 Downgrading? Well, these are vulnerabilities that can be exploited by cybercriminals when there are issues between the front-end and back-end of websites. If left unresolved, these can result in some very dire consequences for any business. The IT Security Guru chatted with Love Andren, Junior Application Security Auditor, Ghostlabs AppSec at Outpost24, to understand more about this threat.


IT Security Guru (ISG) – What is HTTP Request Smuggling?


Love – An exploit that abuses the fact that the web server allows two separate methods when calculating body length, Transfer-Encoding and Content-Length. If both are sent in a single request, it could cause either the front-end or back-end server to interpret the request incorrectly, causing a desync in the back-end server. When done correctly, it would let an attacker smuggle a second HTTP request inside the first one; the response would then be served to the person issuing the next request to the application.


The most common techniques are built around specifying the length of the request body as a value smaller than the actual request body. This then causes either the front- or back-end server to believe the request ends at a certain point, and the remaining part of the body, containing the malicious request, gets smuggled.


The impact ranges from hijacking sessions and bypassing access control to cross-site scripting attacks.
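
Editor's added example, not part of the interview: a defender-side check that flags a raw HTTP/1.1 request whose body length is ambiguous in the ways described above (both length headers present, or a declared length shorter than the body). The function name, finding tags and sample requests are constructed for illustration, and the check assumes each input is exactly one captured request with no pipelining.

```python
# Added example (not from the interview). Names and samples are constructed.

def body_length_findings(raw: bytes) -> list[str]:
    """Flag ways a front-end and back-end could disagree on where a request ends.

    Assumes `raw` is exactly one captured HTTP/1.1 request (no pipelining).
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete-headers"]
    lengths, encodings = [], []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if not colon:
            continue
        # Normalise leniently: a detector should see what a tolerant parser would accept.
        key = name.strip().lower()
        if key == b"content-length":
            lengths.append(value.strip())
        elif key == b"transfer-encoding":
            encodings.append(value.strip().lower())
    findings = []
    if lengths and encodings:
        # Both length mechanisms in one request: the ambiguity described in the interview.
        findings.append("cl-and-te")
    if len(set(lengths)) > 1:
        findings.append("conflicting-cl")
    if lengths and not encodings and len(set(lengths)) == 1:
        declared = lengths[0]
        if not declared.isdigit():
            findings.append("invalid-cl")
        elif int(declared) < len(body):
            # Declared length ends the request early; the trailing bytes are unaccounted for.
            findings.append("cl-shorter-than-body")
    return findings


# Constructed sample requests with harmless bodies.
CLEAN = b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 11\r\n\r\nhello world"
BOTH = (b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 11\r\n"
        b"Transfer-Encoding: chunked\r\n\r\nb\r\nhello world\r\n0\r\n\r\n")
SHORT = b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello world"

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("both", BOTH), ("short", SHORT)):
        print(label, body_length_findings(req))
```

Rejecting or normalising any request that produces a finding at the front-end removes the disagreement before the back-end ever parses it.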


ISG – What is HTTP/2 Downgrading?


Love – While HTTP/2 is widely used, there are still legacy back-end servers that exclusively use HTTP/1 since it is still new. Since an HTTP/2 request compared to HTTP/1 is similar when it comes to structure (not the way they are sent), it is a straightforward process to conve ..
