WRITEUP #4667

How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

SSRFHTTP request splittingCRLF injectionRCE

by@andrewaeva(Andrey Abakumov)

Program

Uber

Published

May 25, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://andrei-abakumov.medium.com/how-dangerous-is-request-splitting-a-vulnerability-in-golang-or-how-we-found-the-rce-in-portainer-7339ba24c871

▸ RELATED WRITEUPS

Vulnerabilities in Homepage Dashboard

RCESSRF

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

RCEConfusion attack

Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough

AI / LLMAI

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Built with ❤️ by Shubham Rawat