Question

BKrishna, e-Pragati (member since 2018, 25 posts)
Posted: 2 months ago
Last activity: 2 months 1 week ago

How to fix HTTP request smuggling security issue in Pega Application?

https://portswigger.net/web-security/request-smuggling

Please find attached a Word document, which contains detailed screenshots.

Step 1: Access the URL and capture the request. https://preprod-myXX.XXXXXX.in/prweb/sso1/ex7EeZQhwqVsPcJXG37rCQ%5B%5B*…

Step 2: Add the duplicate headers and forward the request.

Step 3: The attacker causes part of their front-end request to be interpreted by the back-end server as the start of the next request. It is effectively prepended to the next request and so can interfere with the way the application processes that request. This is a request smuggling attack, and it can have devastating results. Now forward the request twice or more in order to observe the error message "status 501, GPOST Method not implemented".

Any help greatly appreciated.

Thanks,

***Edited by Moderator: Pallavi to update platform capability tags***  

Tags: Pega Platform 7.3.1; Low-Code App Development; System Administration; Security; Technology Services; Senior System Architect
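The "GPOST" symptom described in the question is the classic CL.TE desync: the front-end frames the body by Content-Length, the back-end by Transfer-Encoding: chunked, and the one byte left over is glued onto the next request. The following is an added example, not code from the post, from Pega, or from PortSwigger; it simulates both parsers offline on a constructed byte stream (host target.example and the request bodies are made up; only the /prweb path comes from the post) and then shows the behaviour a fixed front-end should have, which is to reject any message whose framing is ambiguous rather than pick one header.

```python
"""CL.TE request smuggling, simulated offline (added example, not from the post).

Two minimal HTTP/1.1 readers stand in for a front-end that frames the body by
Content-Length and a back-end that frames it by Transfer-Encoding: chunked.
Feeding one byte stream through each shows how the trailing "G" of the first
request is prepended to the second, which the back-end then sees as "GPOST".
A strict reader then rejects the ambiguous message instead of guessing.
"""
from __future__ import annotations

from typing import Callable

CRLF = b"\r\n"
Reader = Callable[[bytes], tuple[bytes, bytes, bytes]]


def split_head(stream: bytes) -> tuple[bytes, dict[str, list[str]], bytes]:
    """Return (request line, headers keyed by lower-cased name, bytes after the head)."""
    head, _, rest = stream.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower().decode(), []).append(value.strip().decode())
    return lines[0], headers, rest


def read_by_content_length(stream: bytes) -> tuple[bytes, bytes, bytes]:
    """Frame the body with the first Content-Length value (0 if absent)."""
    request_line, headers, rest = split_head(stream)
    n = int(headers.get("content-length", ["0"])[0])
    return request_line, rest[:n], rest[n:]


def read_by_chunked(stream: bytes) -> tuple[bytes, bytes, bytes]:
    """Frame the body as chunked; everything after the 0-size chunk is the next request."""
    request_line, _headers, rest = split_head(stream)
    body, pos = b"", 0
    while True:
        size_end = rest.index(CRLF, pos)
        size = int(rest[pos:size_end].split(b";")[0], 16)
        pos = size_end + 2
        if size == 0:
            pos = rest.index(CRLF, pos) + 2     # consume the (empty) trailer section
            return request_line, body, rest[pos:]
        body += rest[pos:pos + size]
        pos += size + 2                         # chunk data plus its trailing CRLF


def front_end_reader(stream: bytes) -> tuple[bytes, bytes, bytes]:
    """Front-end model: honours Content-Length when present, else chunked."""
    _, headers, _ = split_head(stream)
    return (read_by_content_length if "content-length" in headers else read_by_chunked)(stream)


def back_end_reader(stream: bytes) -> tuple[bytes, bytes, bytes]:
    """Back-end model: honours Transfer-Encoding when present, else Content-Length."""
    _, headers, _ = split_head(stream)
    return (read_by_chunked if "transfer-encoding" in headers else read_by_content_length)(stream)


def strict_reader(stream: bytes) -> tuple[bytes, bytes, bytes]:
    """Hardened model: refuse any message whose framing is ambiguous (RFC 7230 section 3.3.3)."""
    _, headers, _ = split_head(stream)
    cl, te = headers.get("content-length", []), headers.get("transfer-encoding", [])
    if cl and te:
        raise ValueError("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        raise ValueError("conflicting Content-Length values")
    if te and te != ["chunked"]:
        raise ValueError("unsupported or obfuscated Transfer-Encoding")
    return read_by_chunked(stream) if te else read_by_content_length(stream)


def request_lines(stream: bytes, reader: Reader) -> list[bytes]:
    """Run a reader over a whole stream and collect the request lines it believes it saw."""
    seen = []
    while stream:
        line, _body, stream = reader(stream)
        seen.append(line)
    return seen


def rejection_reason(stream: bytes) -> str | None:
    """Why the strict reader refuses the stream, or None if it accepts it."""
    try:
        request_lines(stream, strict_reader)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample traffic (not captured from any real system). The body
# "0\r\n\r\nG" is 6 bytes, so Content-Length and chunked framing disagree
# about where the first request ends: chunked stops before the "G".
SMUGGLED = (
    b"POST /prweb/ HTTP/1.1\r\nHost: target.example\r\n"
    b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"0\r\n\r\nG"
)
NEXT_USER = b"POST /prweb/ HTTP/1.1\r\nHost: target.example\r\nContent-Length: 0\r\n\r\n"
DUPLICATE_CL = (
    b"POST /prweb/ HTTP/1.1\r\nHost: target.example\r\n"
    b"Content-Length: 6\r\nContent-Length: 0\r\n\r\n0\r\n\r\nG"
)

if __name__ == "__main__":
    stream = SMUGGLED + NEXT_USER
    print("front-end saw:", request_lines(stream, front_end_reader))
    print("back-end saw: ", request_lines(stream, back_end_reader))
    print("strict reader:", rejection_reason(stream))
    print("duplicate CL: ", rejection_reason(DUPLICATE_CL))
```

The two models agree on where the first request ends only when the framing headers agree; with both present, the back-end consumes the chunked terminator, leaves the "G", and reports the next request line as "GPOST /prweb/ HTTP/1.1", which is exactly what a server surfaces as a 501 for an unimplemented method. The strict reader is the behaviour to look for in whatever sits in front of the application (load balancer, reverse proxy, web server): refuse messages that carry both headers or conflicting duplicates, and forward only one unambiguous framing to the back-end.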