Back to directory

WRITEUP #1557

http: properly reject empty http header field names

OtherHTTP header attackHTTP request smugglingAccess control bypass

by@BahruzJabiyev(Bahruz Jabiyev)

Program

HAProxy

Published

Feb 14, 2023

Added to HackDex

Feb 26, 2023

Read Full Writeuphttps://github.com/haproxy/haproxy/commit/a8598a2eb11b6c989e81f0dbf10be361782e8d32

▸ RELATED WRITEUPS

Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies

OtherWeb cache poisoning

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Built with ❤️ by Shubham Rawat