Magic: HTTP SMUGGLING EXPOSED HMAC/DOS
HTTP SMUGGLING EXPOSED HMAC / DOS Using the transfer-encoding header and following it with a zero. The back end leaked the hmac the back end reflected back the hmac key encryption type, and a lot of details. Further testing had it reflect more headers. http-smuggling-dashboard-fortmatic.png we wi...