1. Web Security Academy
  2. Request smuggling
  3. Finding
  4. Lab

Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses

This lab involves a front-end and back-end server, and the back-end server doesn't support chunked encoding.

To solve the lab, smuggle a request to the back-end server, so that a subsequent request for / (the web root) triggers a 404 Not Found response.

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login