https://blog.qife122.com/tags/%E8%AF%B7%E6%B1%82%E8%B5%B0%E7%A7%81%E6%BC%8F%E6%B4%9E/ Recent content in 请求走私漏洞 on 办公AI智能小助手 Hugo zh-cn qife Wed, 22 Oct 2025 11:55:24 +0800 https://blog.qife122.com/p/http/1.1%E5%BF%85%E9%A1%BB%E6%B7%98%E6%B1%B0%E8%BF%99%E5%AF%B9%E5%BA%94%E7%94%A8%E5%AE%89%E5%85%A8%E9%A2%86%E5%AF%BC%E5%B1%82%E6%84%8F%E5%91%B3%E7%9D%80%E4%BB%80%E4%B9%88/ Wed, 22 Oct 2025 11:55:24 +0800 https://blog.qife122.com/p/http/1.1%E5%BF%85%E9%A1%BB%E6%B7%98%E6%B1%B0%E8%BF%99%E5%AF%B9%E5%BA%94%E7%94%A8%E5%AE%89%E5%85%A8%E9%A2%86%E5%AF%BC%E5%B1%82%E6%84%8F%E5%91%B3%E7%9D%80%E4%BB%80%E4%B9%88/ <p>在Black Hat USA和DEFCON 2025大会上，PortSwigger研究总监James Kettle发出了严厉警告：请求走私攻击不仅没有消失，反而在不断演变和蔓延。尽管经过多年的防御努力，Kettle公布的新研究证明，HTTP请求走私（或称&quot;desync&quot;攻击）仍然是一个系统性的协议级威胁，危及全球数千万本应安全防护的网站。</p>