$750 Bounty: for HTTP Request Smuggling on Data.gov
Summary
A recent bug bounty report has uncovered a vulnerability in Data.gov that could have allowed an attacker to steal cookies and deface the site, as well as potentially carry out a client-side compromise.
The report revealed a classic front-end/back-end disagreement in HTTP parsing: the two servers had been configured to interpret the headers of an HTTP request differently.
This produced a request desynchronisation, which allowed the researcher to inject scripts and carry out a content defacement attack.
This is particularly dangerous: it would have given the attacker the opportunity to steal cookies and not only impersonate a logged-in user, but also potentially reach deeper into other areas of the web application or even the broader internal network.
This report is a strong reminder that front-end and back-end developers need to work closely together to align on every aspect of HTTP handling.
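The parsing disagreement described above comes down to two servers answering "where does this request end?" differently. The following Python script is an added illustration and is not code from the bug bounty report or from Data.gov; the request bytes, the host name `example.test` and the function names are constructed for the example. It frames the body of a raw HTTP/1.1 request once by `Content-Length` and once by `Transfer-Encoding: chunked`, shows that an ambiguous request yields two different message boundaries (the seed of a desynchronisation), and includes the check a front-end can apply so that such requests are rejected rather than forwarded.

```python
"""Demonstrates why a front-end and back-end must agree on HTTP/1.1 body framing.

Added example, not from the original report. Sample requests below are
constructed; no real site is involved.
"""
from typing import Dict, Tuple

# Constructed sample: a request carrying BOTH framing headers. A server that
# honours Content-Length and one that honours Transfer-Encoding will not agree
# on where this request ends.
AMBIGUOUS_REQUEST = (
    b"POST /submit HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 10\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"extra"
)

# Constructed sample: an unambiguous request with a single framing header.
CLEAN_REQUEST = (
    b"POST /submit HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)


def parse_headers(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw request into lower-cased header names and the bytes after the blank line."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, rest


def body_length_by_chunked(rest: bytes) -> int:
    """Walk chunked encoding and return how many bytes of `rest` belong to this message.

    Handles chunk-size lines (with optional extensions) and the terminating
    zero-size chunk; trailer fields are not supported in this toy parser.
    """
    pos = 0
    while True:
        line_end = rest.index(b"\r\n", pos)
        size = int(rest[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            end = rest.index(b"\r\n", pos)  # blank line after the last chunk
            return end + 2
        pos += size + 2  # chunk data followed by CRLF


def message_end(raw: bytes, prefer: str) -> int:
    """Offset in `raw` where the first request ends under the given framing preference.

    `prefer` is "transfer-encoding" or "content-length": which header a server
    trusts when both are present.
    """
    headers, rest = parse_headers(raw)
    header_len = len(raw) - len(rest)
    has_te = "chunked" in headers.get("transfer-encoding", "").lower()
    has_cl = "content-length" in headers
    if prefer == "transfer-encoding" and has_te:
        return header_len + body_length_by_chunked(rest)
    if has_cl:
        return header_len + int(headers["content-length"])
    if has_te:
        return header_len + body_length_by_chunked(rest)
    return header_len


def framing_disagreement(raw: bytes) -> Tuple[int, int]:
    """Return (end by Content-Length, end by Transfer-Encoding) for one raw request."""
    return message_end(raw, "content-length"), message_end(raw, "transfer-encoding")


def is_ambiguous(raw: bytes) -> bool:
    """Front-end hardening check: a request with both framing headers is ambiguous.

    RFC 9112 (HTTP/1.1) allows a server to reject such a request outright, and
    requires an intermediary that does forward it to drop Content-Length first.
    Rejecting is the simplest way to keep both sides in agreement.
    """
    headers, _ = parse_headers(raw)
    return "content-length" in headers and "transfer-encoding" in headers


if __name__ == "__main__":
    for label, req in (("ambiguous", AMBIGUOUS_REQUEST), ("clean", CLEAN_REQUEST)):
        cl_end, te_end = framing_disagreement(req)
        print(f"{label}: CL framing ends at {cl_end}, TE framing ends at {te_end}, "
              f"reject={is_ambiguous(req)}")
```

For the ambiguous sample, `Content-Length` framing consumes the whole buffer while chunked framing stops five bytes earlier, so the trailing bytes would be interpreted by the downstream server as the start of something else; `is_ambiguous` flags exactly that request while leaving the clean one untouched.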