Outpost24 Blog - Hijacking Sessions using HTTP Request Smuggling

Outpost24 Blog - Hijacking Sessions using HTTP Request Smuggling

Write-up

In this blog (linked above) I walkthrough one of the most complex exploits I have created to-date resulting in application-wide session hijacking via HTTP Request Smuggling. The exploit abused response queue poisoning to desynchronize the application's response queue, and a small reflection gadget on the login page to eventually allow us to capture other users' requests including (of course) their session cookies.