Back to directory

WRITEUP #5379

ESI Injection Part 2: Abusing specific implementations

RCEESI injectionSSRFHTTP header injection

by@h3xstream(Philippe Arteau)

Program

-

Published

May 2, 2019

Added to HackDex

Mar 8, 2023

Read Full Writeuphttps://www.gosecure.net/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/

▸ RELATED WRITEUPS

Vulnerabilities in Homepage Dashboard

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

RCEConfusion attack

Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Built with ❤️ by Shubham Rawat