id: host-header-injection info: name: Host Header Injection author: princechaddha severity: info description: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input. reference: - https://portswigger.net/web-security/host-header - https://portswigger.net/web-security/host-header/exploiting - https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/ metadata: max-request: 1 tags: hostheader-injection,generic http: - method: GET path: - "{{BaseURL}}" headers: Host: "{{randstr}}.tld" matchers-condition: and matchers: - type: word words: - '{{randstr}}.tld' part: body condition: and - type: status status: - 200