Beyond XSS: Edge Side Include Injection - GoSecure
Update: A new blog post has been published as a follow-up to this article: ESI Part 2: Abusing specific implementations.

Abusing Caching Servers into SSRF and Client-Side Attacks

While conducting a security assessment, we noticed an unexpected behavior in the markup language Edge Side Includes (ESI), a language used in many popular HTTP surrogates (reverse […]
https://www.gosecure.net/blog/2018/04/03/beyond-xss-edge-side-include-injection/