{"image_url":null,"height":"190","provider_name":"Hatena Blog","categories":["Web Security Academy","Smuggling"],"blog_title":"Shikata Ga Nai","blog_url":"https://cysec148.hatenablog.com/","width":"100%","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","title":"HTTP request smuggling, confirming a TE.CL vulnerability via differential responses","author_name":"ThisIsOne","url":"https://cysec148.hatenablog.com/entry/2025/09/16/183117","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2025%2F09%2F16%2F183117\" title=\"HTTP request smuggling, confirming a TE.CL vulnerability via differential responses - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","type":"rich","version":"1.0","description":"Hello there, ('\u03c9')\u30ce Summary (conclusion) This lab is a typical example of exploiting a TE.CL mismatch, where the front end uses Transfer-Encoding (chunked) and the back end uses Content-Length. In Burp Repeater, switch to HTTP/1.1, turn off \"Update Content-Length\", and send the attached request twice in a row; the second response is 404 Not Found, which confirms that the smuggling worked. Preparation (Burp settings and reasons) Use Burp \u2192 Repeater. Reason: the request \u2026","published":"2025-09-16 18:31:17","provider_url":"https://hatena.blog"}