Beyond XSS: Edge Side Include Injection
Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations. Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the markup language Edge Side Includes (ESI), a language used in many popular HTTP surrogates (reverse … Continue reading Beyond XSS: Edge Side Include Injection
Copy and paste this URL into your WordPress site to embed
Copy and paste this code into your site to embed