This request triggered an extremely suspicious intermittent 400 Bad Request response from various websites that were running AWS Application Load Balancer (ALB) as their front-end. Investigation revealed that ALB was mysteriously adding a 'Transfer-Encoding: chunked' header while downgrading the request to HTTP/1.1 for forwarding to the back-end, without making any alterations to the message body:
Published: 05 January 2022 at 14:35 UTC. Updated: 31 January 2022 at 15:02 UTC.
Update: nominations are now closed, but voting is live! Cast your vote here. Nominations are now open for the top 10 new web hacking techniques of 2021! Every year security researchers share their discoveries via blog posts, presentations, and whitepapers. Every write-up is valuable, but some contain something special -
Published: 16 November 2015 at 11:25 UTC. Updated: 14 June 2019 at 12:03 UTC.
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving properly. Whilst doing this recently, Liam found a Cross-Site Scripting (XSS) vulnerability in [REDACTED], inside a hidden input element: <input type="hidden" name="redacted"