Step 2: Adding the duplicate headers and forward the request.
Step 3: The attacker causes part of their front-end request to be interpreted by the back-end server as the start of the next request. It is effectively prepended to the next request, and so can interfere with the way the application processes that request. This is a request smuggling attack, and it can have devastating results. Now, Forward the request twice or multiple times in order to observe the error message with “status-501 ,GPOST Method not implemented”.
Any help greatly appreciated.
***Edited by Moderator: Pallavi to update platform capability tags***