Abstract
A new hacking technique HTTP request smuggling (HRS) and the damages that it can inflict, are discussed. HRS send multiple HTTP requests that cause two attacked devices to see different sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it. The attacker can change the entries in the cache, so that an existing page would be cached under another page. It is also possible to exploit a vulnerability in the Web application to steal client credentials without the need to actually contact the client.
Original language | English |
---|---|
Pages | 13-26 |
Number of pages | 14 |
Volume | 22 |
No | 1 |
Specialist publication | Computer Security Journal |
State | Published - Dec 2006 |