How to fix HTTP request smuggling security issue in Pega Application?
https://portswigger.net/web-security/request-smuggling
Please find attached the Word document, which contains detailed screenshots.
Step 1: Access the URL and capture the request. https://preprod-myXX.XXXXXX.in/prweb/sso1/ex7EeZQhwqVsPcJXG37rCQ%5B%5B*/!STANDARD
Step 2: Add the duplicate headers and forward the request.
Step 3: The attacker causes part of their front-end request to be interpreted by the back-end server as the start of the next request. It is effectively prepended to the next request, and so can interfere with the way the application processes that request. This is a request smuggling attack, and it can have devastating results. Now forward the request twice or more in order to observe the error message “status-501, GPOST Method not implemented”.
Any help greatly appreciated.
Thanks,
***Edited by Moderator: Pallavi to update platform capability tags***
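The standard fix for the condition described in the question is to make sure the front-end component (load balancer, reverse proxy or web server in front of the application) refuses any request whose body length is ambiguous, so that the front end and the back end can never disagree about where one request ends and the next begins. The following is an added example, not code from the original post or from Pega; it shows the framing rules a gateway should enforce (RFC 7230 section 3.3.3: a request carrying both Content-Length and Transfer-Encoding, conflicting Content-Length values, or an unrecognised Transfer-Encoding must be rejected). The raw requests, the host name `app.example.invalid` and the function names are constructed for the example.

```python
"""Reject HTTP/1.1 requests with ambiguous message framing.

Added example, not part of the original post. All sample requests below
are constructed inputs; none is captured traffic.
"""
from typing import List, Optional, Tuple

# Constructed: the "duplicate headers" request from the post, carrying both
# Content-Length and Transfer-Encoding. Front and back end may frame it
# differently, which is what request smuggling relies on.
SAMPLE_AMBIGUOUS = (
    "POST /prweb/sso1/example HTTP/1.1\r\n"
    "Host: app.example.invalid\r\n"
    "Content-Length: 13\r\n"
    "Transfer-Encoding: chunked\r\n"
    "\r\n"
)

# Constructed: a well-formed request with a single framing header.
SAMPLE_CLEAN = (
    "POST /prweb/sso1/example HTTP/1.1\r\n"
    "Host: app.example.invalid\r\n"
    "Content-Length: 13\r\n"
    "\r\n"
)

# Constructed: two conflicting Content-Length values.
SAMPLE_DUP_CL = (
    "POST /prweb/sso1/example HTTP/1.1\r\n"
    "Host: app.example.invalid\r\n"
    "Content-Length: 13\r\n"
    "Content-Length: 6\r\n"
    "\r\n"
)

# Constructed: a Transfer-Encoding value that is not plain "chunked".
SAMPLE_BAD_TE = (
    "POST /prweb/sso1/example HTTP/1.1\r\n"
    "Host: app.example.invalid\r\n"
    "Transfer-Encoding: xchunked\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> List[Tuple[str, Optional[str]]]:
    """Return (name, value) pairs from the header block, unnormalised.

    The request line is dropped. A line without a colon yields value None
    so the caller can treat it as malformed rather than silently skip it.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        if line == "":
            continue
        name, sep, value = line.partition(":")
        pairs.append((name, value if sep else None))
    return pairs


def framing_problems(raw: str) -> List[str]:
    """List every reason the request's body framing is ambiguous.

    An empty list means the request has exactly one unambiguous framing
    and may be forwarded to the back end.
    """
    problems: List[str] = []
    content_lengths: List[str] = []
    transfer_encodings: List[str] = []

    for name, value in parse_headers(raw):
        if value is None:
            problems.append(f"malformed header line: {name!r}")
            continue
        # "Transfer-Encoding : chunked" style names are a classic way to make
        # one parser see the header and another ignore it; reject outright.
        if name != name.strip():
            problems.append(f"whitespace around header name: {name!r}")
        key = name.strip().lower()
        if key == "content-length":
            content_lengths.append(value.strip())
        elif key == "transfer-encoding":
            transfer_encodings.append(value.strip())

    if content_lengths and transfer_encodings:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(content_lengths) > 1:
        problems.append("multiple Content-Length headers")
    for v in content_lengths:
        if not v.isdigit():
            problems.append(f"non-numeric Content-Length: {v!r}")
    if len(transfer_encodings) > 1:
        problems.append("multiple Transfer-Encoding headers")
    for v in transfer_encodings:
        # Only the plain, final "chunked" coding is accepted; any other
        # spelling may be honoured by one hop and ignored by the next.
        if v.lower() != "chunked":
            problems.append(f"unexpected Transfer-Encoding value: {v!r}")
    return problems


def gateway_decision(raw: str) -> Tuple[int, str]:
    """Return (status, reason): 400 with the reasons, or 200 to forward."""
    problems = framing_problems(raw)
    if problems:
        return 400, "; ".join(problems)
    return 200, "forward to back end"


if __name__ == "__main__":
    for label, req in [("ambiguous", SAMPLE_AMBIGUOUS), ("clean", SAMPLE_CLEAN),
                       ("duplicate CL", SAMPLE_DUP_CL), ("bad TE", SAMPLE_BAD_TE)]:
        print(label, gateway_decision(req))
```

The same rule set is what you want enforced in whatever sits in front of the application (and, where both hops support it, using HTTP/2 end to end removes the ambiguity entirely, because HTTP/2 carries its own length framing). The check must run at the first hop; rejecting ambiguous requests only at the back end does not help, since by then the front end has already committed to its own interpretation of the request boundary.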