    HTTP headers are the language that all web servers speak; they can be a golden gem for security researchers.
  
        
  
    
    
  
  
    
  | X-Forwarded-Host | |
| X-Forwarded-Port | |
| X-Forwarded-Scheme | |
| Origin: null | |
| Origin: [siteDomain].attacker.com | |
| X-Frame-Options: Allow | |
| X-Forwarded-For: 127.0.0.1 | |
| X-Client-IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| ---For injecting BXSS (blind XSS) or SQLi payloads--- | |
| Referer | |
| X-Wap-Profile | |
| X-Original-Url | |
| Forwarded | |
| X-Originated-IP | |
| X-Client-IP | |
| From | |
| User-Agent | |
| ---Possible File upload vulnerabilities--- | |
| X-HTTP-Method-Override: PUT | |
  