https://wiki.owasp.org/index.php/Testing_for_HTTP_Splitting/Smuggling_(OTG-INPVAL-016)
- https://portswigger.net/web-security/request-smuggling
- https://www.pentestpartners.com/security-blog/http-request-smuggling-a-how-to/
- [2020] - HTTP request smuggling on Basecamp 2 allows web cache poisoning
- [2020] - Unauthenticated request smuggling on launchpad.37signals.com
- [2020] - h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
- [2020] - XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
- [2020] - Account takeover via HTTP Request Smuggling
- [2020] - http request smuggling in pscp.tv and periscope.tv
- [2020] - Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com
- [2020] - HTTP Desync Attacks: Request Smuggling Reborn
- [2020] - Password theft login.newrelic.com via Request Smuggling
- [2020] - HTTP request Smuggling in Helium
- [2020] - HTTP request smuggling using malformed Transfer-Encoding header
- [2019] - HTTP Request Smuggling + IDOR
- [2019] - Multiple HTTP Smuggling reports
- [2019] - Request smuggling on ████████ (U.S. Dept Of Defense)