2020-04-22 09:54:04 +00:00
|
|
|
id: host-header-injection
|
2020-04-22 05:05:14 +00:00
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Host Header Injection (x-forwarded-host)
|
|
|
|
|
author: melbadry9
|
|
|
|
|
severity: low
|
|
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- method: GET
|
|
|
|
|
# Example of sending some headers to the servers
|
|
|
|
|
headers:
|
2020-05-24 22:19:21 +00:00
|
|
|
# MD5 hash of melbadry9
|
2020-04-22 05:05:14 +00:00
|
|
|
X-Forwarded-Host: "0021e78f48fe6525798294b7711c6f72.com"
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/"
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- "0021e78f48fe6525798294b7711c6f72"
|
