$6,5k + $5k HTTP Request Smuggling mass account takeover - Slack + Zomato

Uploaded By: Myvideo

HTTP request smuggling is a technique used to find vulnerabilities in bug bounty programs and penetration tests, rediscovered by PortSwigger in 2019. In the video I present and explain two reports from HackerOne that show how a bug hunter hacked Slack and Zomato, earning $6,500 and $5,000 respectively.

Original reports:
Reporter:
Smuggler tool:
RFC: #section-4.4

Timestamps:
00:00 Intro
00:26 HTTP Request Smuggling
03:25 Slack's report
06:30 Zomato's report
