This is legitimately one of the worst vulnerabilities ever discovered. Honestly, this should scare every developer, server host, backend developer, frontend developer, CDN developer, anyone who's software was exploited in the chain and every user on the internet. Being able to inject code to random users page with nothing but a few post requests is absolutely terrifying, and being able to steal plain-text creds is horrifying
As always, outstanding research material by James (albinowax). This is such a big material by itself, I don't know how to understand every bit of this attack. Just checked that his blog on this attack is around 26 pages long with lots of other pointers and links. It's almost kind of a book. I don't know I will be able to understand fully as only a Genius like him can make this type of material and only a Genious will understand it fully. This might take my entire life to go through all research materials that he alone contributes every year. His name will be in the history of Ethical Hacking.
Great exploits. I could smell this vulnerability almost as long as I can remember and it's just insane how long, far and wide it's still applicable after being documented over a decade ago. I never could have done and put together all this research and implemented such effective exploits. Thorough exploration of the problem space. Thorough documentation of cause and effect. GREAT presentation. My favorite from DEFCON 27. I was on the edge of my seat the entire time. On another note, I've been pronouncing the letter H wrong my entire life. Thank you so much for this albinowax!
Massive respect to him...this guy is a genius.
You can find the whitepaper, tool, and online labs at portswigger.net/research/http-desync-attacks-request-smuggling-reborn
Man.. i love how good he explains.. huge respect sir..
This is legitimately one of the worst vulnerabilities ever discovered. Honestly, this should scare every developer, server host, backend developer, frontend developer, CDN developer, anyone who's software was exploited in the chain and every user on the internet. Being able to inject code to random users page with nothing but a few post requests is absolutely terrifying, and being able to steal plain-text creds is horrifying
honestly i like the researches of albinowax "Respect"
As always, outstanding research material by James (albinowax). This is such a big material by itself, I don't know how to understand every bit of this attack. Just checked that his blog on this attack is around 26 pages long with lots of other pointers and links. It's almost kind of a book. I don't know I will be able to understand fully as only a Genius like him can make this type of material and only a Genious will understand it fully. This might take my entire life to go through all research materials that he alone contributes every year. His name will be in the history of Ethical Hacking.
Scariest talk I've ever watched.
Great exploits. I could smell this vulnerability almost as long as I can remember and it's just insane how long, far and wide it's still applicable after being documented over a decade ago. I never could have done and put together all this research and implemented such effective exploits. Thorough exploration of the problem space. Thorough documentation of cause and effect. GREAT presentation. My favorite from DEFCON 27. I was on the edge of my seat the entire time. On another note, I've been pronouncing the letter H wrong my entire life. Thank you so much for this albinowax!
Thx so much for sharing, this is insane - well done!
This is mind blowing research done by james :)
the vast domain space of http
and a brilliant mind laying it down like Shakespeare
extremely insightful
thank you
this guy is amazing
Missed opertunity to call this a : Joiny Cache vulnerability
Super awesome, what a good talk !
Thanks for sharing your knowledge \o/
😊❤
This is awesome!
0 dislikes - that's my boy standard : )
Very well done!
Awesome!
*_great_*
Godly guy.
awesome
😍😍😍
wizard class hacker
wow I want to be that smart one day lol... then maybe I can get PayPal to give me 40k too haha
fucking awesome