id: external-service-interaction

info:
  name: External Service Interaction
  author: andreluna
  severity: info
  description: External Service interaction via Host Header Injection.
  reference:
    - https://portswigger.net/kb/issues/00300210_external-service-interaction-http
    - https://success.qualys.com/support/s/article/000006843
    - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection
  classification:
    cwe-id: CWE-918,CWE-406
  metadata:
    max-request: 1
  tags: http,misc,oast

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      Host: "{{interactsh-url}}"
    redirects: true
    max-redirects: 1
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
          - "dns"
        condition: or

# digest: 4a0a00473045022100e5705f959d9b0197b0134961097822bc12771881e2786d3c6626d6f7166b2d120220624ce6e2166bf896813bdaea67433a0bd045bcbf5a55bb10d7b1521ecd72b770:922c64590222798bb761d5b6d8e72950