Last time I have showcased a three interesting headers that can be used as attack vector. This time I will showcase a three more, however they will be more exotic that the previous examples. If you haven’t seen part 1, view it first here. Without further ado, let’s buckle up! Forcing HTTP Verb Tunneling In …...

Can misconfigured HTTP request headers be as dangerous as parameters sent to the server? The short answer is: absolutely. HTTP headers are typically seen as routine metadata automatically sent from a browser (or other sources) to a server. They help servers understand client requests, manage authentication, store cookies, and track user...