GoSecure Blog

Beyond XSS: Edge Side Include Injection

Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations.

Abusing Caching Servers into SSRF and Client-Side Attacks

While conducting a security assessment, we noticed an unexpected behavior in the markup language Edge Side Includes (ESI), a language used in many popular HTTP surrogates (reverse proxies, load balancers, caching servers, proxy servers). We identified that successful ESI attacks can lead to Server Side Request Forgery (SSRF), various Cross-Site Scripting (XSS) vectors that bypass the HTTPOnly cookie mitigation flag, and server-side denial of service. We call this technique ESI Injection.

Read More

Topics: appsec, SSRF, vulnerability, web, XSS, ESI, exploitation, Featured

XSS for ASP.net developers

As a follow-up to the conference given at Confoo few weeks ago, we are doing a focus article on the same topic. The presentation was giving an overview of the modern XSS attack vectors and filter bypass. In this blog post, we will take a closer look at XSS in the context of .NET applications.

Read More

Topics: ASP.net, Confoo, RequestValidation, XSS