Cloudflare Public Bug Bounty: HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
The Edge Rules engine used by Cloudflare Transform Rules features string-modifying functions like lower and concat, which accepted hexadecimal-encoded characters such as "\x0a\x0d". This allowed for manipulation of request headers, e.g. injecting an additional header, and, as a consequence, made HT...
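
The failure mode described above, as an added example (not Cloudflare's code and not part of the original report): a check that inspects the rule text before \xHH escapes are decoded never sees CR or LF, while validating the decoded bytes does. The concat() stand-in, the helper names and the sample inputs are assumptions constructed for illustration.

```python
import re

# A \xHH escape as written in a rule string literal, e.g. \x0a or \x0d.
_HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")

# Bytes that are invalid in an HTTP field value: NUL, LF, CR (RFC 9110, section 5.5).
_FORBIDDEN = {0x00, 0x0A, 0x0D}


def decode_hex_escapes(literal: str) -> bytes:
    """Expand \\xHH escapes in a string literal into the raw bytes they denote."""
    out = bytearray()
    pos = 0
    for m in _HEX_ESCAPE.finditer(literal):
        out += literal[pos:m.start()].encode("utf-8")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += literal[pos:].encode("utf-8")
    return bytes(out)


def concat(*parts: str) -> bytes:
    """Hypothetical stand-in for a rules-engine concat(): decode, then join."""
    return b"".join(decode_hex_escapes(p) for p in parts)


def naive_check(parts) -> bool:
    """Flawed check: looks at the source text, before escapes are decoded."""
    return not any("\r" in p or "\n" in p for p in parts)


def safe_header_value(parts) -> bytes:
    """Validate the final bytes that would be written into the request header."""
    value = concat(*parts)
    bad = sorted(b for b in set(value) if b in _FORBIDDEN)
    if bad:
        names = ", ".join(f"0x{b:02x}" for b in bad)
        raise ValueError(f"control bytes in header value: {names}")
    return value


# Constructed sample inputs (the second uses the escape sequence quoted on the page).
BENIGN = ["edge-", "node\\x2d1"]
HOSTILE = ["abc", "\\x0a\\x0dX-Extra: 1"]

if __name__ == "__main__":
    print(naive_check(HOSTILE))       # the flawed check lets the input through
    print(safe_header_value(BENIGN))  # decoded and accepted
```

The same validation belongs at the point where the header is serialized, since that is the last place the decoded value is visible before it reaches the origin.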