This bypass technique involves HTTP request smuggling using the CL.TE method. Request smuggling is a type of attack where an attacker exploits inconsistencies in the way different servers or devices handle HTTP requests. The CL.TE method refers to the use of conflicting Content-Length (CL) and Transfer-Encoding (TE) headers within the HTTP request. This can cause the WAF (Web Application Firewall) to incorrectly parse the request, allowing the attacker to bypass the WAF protections and gain access to internal systems or sensitive data. By using this technique, attackers can sneak past security controls and interact with internals that should normally be protected by the WAF. This method is quite technical and requires understanding of HTTP headers and the behavior of the target WAF.
Check out the original tweet here: https://twitter.com/VedGawde/status/1954810997337706828