From acd46242008553c52b03928308ead6a9d808e174 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 6 Sep 2021 17:14:27 +0530
Subject: [PATCH] Create host-header-injection.yaml
---
.../generic/host-header-injection.yaml | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 vulnerabilities/generic/host-header-injection.yaml
diff --git a/vulnerabilities/generic/host-header-injection.yaml b/vulnerabilities/generic/host-header-injection.yaml
new file mode 100644
index 0000000000..9166fdec4d
--- /dev/null
+++ b/vulnerabilities/generic/host-header-injection.yaml
@@ -0,0 +1,32 @@
+id: host-header-injection
+
+info:
+ name: Host Header Injection
+ author: princechaddha
+ severity: info
+ description: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input.
+ reference:
+ - https://portswigger.net/web-security/host-header
+ - https://portswigger.net/web-security/host-header/exploiting
+ - https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/
+ tags: hostheader-injection,generic
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ headers:
+ Host: "{{randstr}}.tld"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '{{randstr}}.tld'
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
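Review bot: The `description` in the `info` block defines generic HTTP header injection (headers built from user input), but the request and matchers below test something narrower: whether a supplied `Host` value is echoed back in a 200 response body. I would reword it to say so, for example `description: Detects responses that reflect an arbitrary Host header value in the body, which indicates the application may trust the Host header when building links.` A match is only an indicator that needs manual confirmation of impact, which fits `severity: info` and is worth stating for triage. Because the status matcher requires 200, a Host value reflected only in a redirect `Location` header is not reported, and a front end that routes on the Host header may reject the request before the application sees it, so a non-match is not evidence that the target is unaffected. The word matcher lists a single word, so its `condition: and` is redundant and can be dropped.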