id: host-header-injection info: name: Host Header Injection (x-forwarded-host) author: melbadry9 severity: low requests: - method: GET # Example of sending some headers to the servers headers: # MD5 hash of melbadry9 X-Forwarded-Host: "0021e78f48fe6525798294b7711c6f72.com" path: - "{{BaseURL}}/" matchers: - type: word words: - "0021e78f48fe6525798294b7711c6f72"