Merge pull request #2595 from projectdiscovery/host-header-injection

Create host-header-injection.yaml

vulnerabilities/generic/host-header-injection.yaml

@@ -0,0 +1,32 @@
+id: host-header-injection
+
+info:
+  name: Host Header Injection
+  author: princechaddha
+  severity: info
+  description: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input.
+  reference:
+    - https://portswigger.net/web-security/host-header
+    - https://portswigger.net/web-security/host-header/exploiting
+    - https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/
+  tags: hostheader-injection,generic
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    headers:
+      Host: "{{randstr}}.tld"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '{{randstr}}.tld'
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200