id: external-service-interaction info: name: External Service Interaction author: andreluna severity: info description: External Service interaction via Host Header Injection. reference: - https://portswigger.net/kb/issues/00300210_external-service-interaction-http - https://success.qualys.com/support/s/article/000006843 - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection classification: cwe-id: CWE-918,CWE-406 metadata: max-request: 1 tags: http,misc,oast http: - method: GET path: - "{{BaseURL}}" headers: Host: "{{interactsh-url}}" redirects: true max-redirects: 1 matchers: - type: word part: interactsh_protocol words: - "http" - "dns" condition: or