1. Web Security Academy
  2. Request smuggling
  3. Exploiting
  4. Lab

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

This lab involves a front-end and back-end server, and the back-end server doesn't support chunked encoding. There's an admin panel at /admin, but the front-end server blocks access to it.

To solve the lab, smuggle a request to the back-end server that accesses the admin panel and deletes the user carlos.

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login