id: openvpn-hhi info: name: OpenVPN Host Header Injection author: twitter.com/Dheerajmadhukar description: A vulnerability in OpenVPN Access Server allows remote attackers to inject arbitrary redirection URLs by using the 'Host' HTTP header field. severity: info tags: openvpn,hostheader-injection requests: - raw: - | GET / HTTP/1.1 Host: {{randstr}}.tld matchers-condition: and matchers: - type: word words: - "https://{{randstr}}.tld/__session_start__/" - "openvpn_sess" part: header condition: and - type: status status: - 302