WRITEUP #171

Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites

CloudHTTP request smuggling

by@sw33tLie(Paolo Arnolfo)

Bounty

8,500

Program

Google (GCP)

Published

Jul 17, 2024

Added to HackDex

Jul 22, 2024

Read Full Writeuphttps://www.bugcrowd.com/blog/unveiling-te-0-http-request-smuggling-discovering-a-critical-vulnerability-in-thousands-of-google-cloud-websites/

▸ RELATED WRITEUPS

The Hunt for ALBeast: A Technical Walkthrough

CloudAWS ALB

Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess

CloudOIDC

Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD

CloudPrivilege escalation

Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources

CloudRCE

UnOAuthorized: Privilege Elevation Through Microsoft Applications

CloudPrivilege escalation

Built with ❤️ by Shubham Rawat