HTTP Decompression Bombs

Interesting find here. Just FYI.

1 reply on “HTTP Decompression Bombs”

GZIP compression bombs.
How to clusterfuck any GZIP-enabled application. Basically, you can craft a GZIP-encoded HTTP response that’ll deflate from a few bytes to a few hundred megabytes due to the format of the compression. Via Fun With Wordage….

Leave a Reply

Your email address will not be published. Required fields are marked *