-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathHost Header Injection
23 lines (17 loc) · 1.17 KB
/
Host Header Injection
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Host Header Injection
->Description:
A Host header attack, also known as Host header injection, is a web attack where the attacker provides a false Host header to the web application. Find more information about other types of injection attacks
->Replication Steps:
1) Go to (Target URL)and capture the request.
2) Now in Burpsuite add X-Forwarded-Host: bing.com under the Host Header.
3) Forward.
4)You will notice that the site is now redirected to Bing.com
Hence this is vulnerable to Host Header Injection.
->Impact:
Whenever a user visits this URL, it will redirect them to anysite.com. It is used in phishing attacks.
->Mitigation:
If possible, the application should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:
Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
->I have also provided the video PoC, kindly tell me if you need more information.
Thank You