Burp Suite User Forum


Academy Learning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

James | Last updated: Oct 08, 2021 12:52AM UTC

Not sure if this is the correct place to raise this but I believe there is a small issue with the learning material on this page - https://portswigger.net/web-security/request-smuggling/finding. Specifically the request under the heading "Confirming TE.CL vulnerabilities using differential responses" reads as below:

    POST /search HTTP/1.1
    Host: vulnerable-website.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 4
    Transfer-Encoding: chunked

    7c
    GET /404 HTTP/1.1
    Host: vulnerable-website.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 144

    x=
    0

I believe '7c' is a mistake for the chunk size as it should actually be '7a' (including trailing \r\n\r\n).
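Added example, not part of the original post or the Academy material: a strict chunked-body check in Python that counts the bytes of the inner request quoted in the post above and tests whether a declared chunk size ends exactly on the chunk's terminating CRLF. The byte layout of `INNER` (CRLF after every line, one blank line after the headers, chunk data ending at `x=`) is an assumption, since the post does not show the raw bytes; the function names are hypothetical.

```python
CRLF = b"\r\n"

# Constructed from the request quoted in the post. Assumed layout: CRLF after
# every line, one blank line after the headers, chunk data ending at "x=".
INNER = (
    b"GET /404 HTTP/1.1\r\n"
    b"Host: vulnerable-website.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 144\r\n"
    b"\r\n"
    b"x="
)

def chunk_size_hex(data: bytes) -> str:
    """Size field for a chunk: data bytes only, excluding the CRLF that ends it."""
    return format(len(data), "x")

def build_body(declared_hex: str) -> bytes:
    """Chunked body carrying INNER with the given size field, then the last chunk."""
    return declared_hex.encode() + CRLF + INNER + CRLF + b"0" + CRLF + CRLF

def check_chunked(body: bytes) -> list:
    """Strict chunked parse. Returns (declared_size, ok) per chunk, where ok is
    False if the declared size does not end exactly on the chunk's CRLF."""
    results, pos = [], 0
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            raise ValueError("missing chunk-size line")
        size = int(body[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            results.append((0, True))
            return results
        end = eol + 2 + size
        ok = body[end:end + 2] == CRLF
        results.append((size, ok))
        if not ok:
            return results  # framing is broken; stop as a strict parser would
        pos = end + 2

if __name__ == "__main__":
    print("computed size field:", chunk_size_hex(INNER))
    for declared in ("7a", "7b", "7c"):
        print(declared, check_chunked(build_body(declared)))
```

Changing the assumed layout, for example adding or removing a trailing CRLF inside the chunk data, changes the computed size by two bytes per CRLF.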
