S8cN8tes

🧑Whoami
✉️API-Sec
🕸️Web-AppSec
🐞Bug Bounty
📶Network-Sec
📱Android-AppSec
- Android App Fundamentals
  Android Architecture
  Android Security Model
  Android App Components
  Intents
  Pending Intents
- How To Get APK file for application
🖥️Operating Systems
- Linux
  Linux Commands
  Tools
  Linux File System
  Bash Scripting guide
  tmux
  Git
- VPS
👨‍💻Programming

Powered by GitBook

Host Header Injection

CWE-644: Improper Neutralization of HTTP Headers

Where We need to look ?

Reset password Functionality
Signup
Confirmation Token

How To Mitigate This Type Of Issue :

· Validate the headers that supplied into the requests Which You Must Need to configure Properly That an bad actor can’t control.

· Also use multi-factor authentication to prevent account hijacking , and one such method is SMS Authentication.

Checklist

try localhost
Web cache poisoning via ambiguous requests
Add two HOST: in Request.
Try this Headers
If you come across /api.json in any AEM instance during bug hunting, try for web cache poisoning via followingHost: , X-Forwarded-Server , X-Forwarded-Host: and or simply try https://localhost/api.json HTTP/1.1
Also try Host: redacted.com.evil.com
Try Host: evil.com/redacted.com https://hackerone.com/reports/317476
Try this too Host: example.com?.mavenlink.com
Try Host: javascript:alert(1); Xss payload might result in debugging mode. https://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
Host Header to Sqli https://blog.usejournal.com/bugbounty-database-hacked-of-indias-popular-sports-company-bypassing-host-header-to-sql-7b9af997c610
Bypass front server restrictions and access to forbidden files and directories through
Add line wrapping
Supply an absolute URL

References

PortSwigger

PreviousBypassing SameSite Cookie Restrictions NextHTTP request smuggling

Last updated 4 months ago

On this page

Checklist
References

Was this helpful?