Back to directory
WRITEUP #2204

HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites

OtherHTTP request smugglingDesync attack
by@AnkitCuriosity(Ankit Singh)
Bounty
4,300
Program
-
Published
Sep 14, 2022
Added to HackDex
Dec 12, 2022
Read Full Writeuphttps://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md
RELATED WRITEUPS
Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies
OtherWeb cache poisoning
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free

Built with ❤️ by Shubham Rawat