Header Based Exploitation – Web Statistical Software Threats. When people visit your website, certain information is passed from the users web browser to your web server/script. This information contains data such as what browser they are using, the last site visited, the file they requested, and other information. This paper was written to help you understand how an attacker can use these information fields to exploit your web statistics software. Includes info on SSI Tag Insertion, HTML Insertion, and more.
You can download it from the following link: https://packetstormsecurity.com/files/download/25665/web.headers.txt
Source: https://packetstormsecurity.com/files/25665/web.headers.txt.html