amiruddin

  • Introduction to CL.TE request smuggling CL.TE stands for Content-Length/Transfer-Encoding. The name CL.TE comes from the two headers involved: Content-Length and Transfer-Encoding. In CL.TE technique, the attacker exploits discrepancies between how different servers (typically a front-end and a back-end server) prioritize these headers. For example: The proxy uses the Content-Length header to determine the end of…

    Read More

  • Exploiting the vulnerability is simple for a red teamer and only requires an API call to /users/password method with the victim and target email address. Connecting to the MachineWe will use an Ubuntu-based machine hosting a GitLab instance to demonstrate the room’s red team perspective. Start the virtual machine by clicking the Start Machine button…

    Read More