Leveraging HTTP Request Smuggling for Authentication Bypass and Remote Code Execution

Explore a comprehensive conference talk from Hack In The Box Security Conference that delves into HTTP Request Smuggling (HRS) vulnerabilities and their critical impact on enterprise security. Learn about three significant HRS vulnerabilities discovered in F5 BIG-IP and Qlik Sense Enterprise systems that affected approximately 10% of Fortune 500 companies. Understand the evolution of HRS since its emergence in 2005, examining real-world scenarios beyond theoretical examples, including detailed analysis of CVE-2023-41265, CVE-2023-48365, and CVE-2023-46747. Master practical approaches to identifying HRS vulnerabilities in application architecture, particularly in systems where different components process HTTP requests and handle security models separately. Gain valuable insights into vulnerability assessment techniques and learn essential remediation strategies for protecting against request smuggling attacks. Presented by Adam Crosser, a staff security engineer specializing in offensive research and development at Praetorian, this 40-minute presentation offers crucial knowledge for security professionals seeking to enhance their understanding of modern web application vulnerabilities.