CWE-644: Improper Neutralization of HTTP Headers
Add two Host: headers to the request.
Try
Try these headers
If you come across /api.json in any AEM instance during bug hunting, try for web cache poisoning via the following headers: Host: , X-Forwarded-Server , X-Forwarded-Host: and/or simply try HTTP/1.1
Also try Host: redacted.com.evil.com
Try Host:
Try this too: Host: example.com?.mavenlink.com
Try Host: javascript:alert(1); The XSS payload might result in debugging mode.
Host header to SQLi
Bypass front server restrictions and access to forbidden files and directories through
Add line wrapping
Supply an absolute URL
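
The defensive counterpart to the checks above, as an added example that is not part of the original page: a validator a front server or application can run on the raw request head before routing or caching. The allowlist, the function name and the sample requests are constructed assumptions, and rejecting (rather than stripping) client-supplied override headers is a design choice of this sketch.

```python
import re

ALLOWED_HOSTS = {"example.com", "www.example.com"}   # assumption: names this site serves
OVERRIDES = {"x-forwarded-host", "x-forwarded-server"}
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*(:\d{1,5})?$")

def check_request_head(raw, from_trusted_proxy=False):
    """Return (accepted, reason) for a raw request head (request line + headers)."""
    lines = raw.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    if not parts[1].startswith("/"):
        return False, "request target is not origin-form"   # absolute URL supplied
    hosts = []
    for line in lines[1:]:
        if line == "":
            break                                            # end of headers
        if line[0] in " \t":
            return False, "wrapped (folded) header line"    # line-wrapping trick
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():
            return False, "malformed header line"
        name = name.lower()
        if name == "host":
            hosts.append(value.strip().lower())
        elif name in OVERRIDES and not from_trusted_proxy:
            return False, "override header from untrusted client: " + name
    if len(hosts) != 1:
        return False, "expected exactly one Host header, got %d" % len(hosts)
    host = hosts[0]
    if not HOST_RE.match(host):
        return False, "Host is not a plain hostname"        # '?', ';', scheme-like values
    if host.split(":")[0] not in ALLOWED_HOSTS:
        return False, "Host not in allowlist"               # exact match, no suffix match
    return True, "ok"

# Constructed sample requests covering the cases listed on this page.
SAMPLES = {
    "plain": "GET /api.json HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "two hosts": "GET / HTTP/1.1\r\nHost: example.com\r\nHost: evil.com\r\n\r\n",
    "suffix": "GET / HTTP/1.1\r\nHost: example.com.evil.com\r\n\r\n",
    "wrapped": "GET / HTTP/1.1\r\nHost: example.com\r\n evil.com\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_request_head(raw))
```

The allowlist comparison is an exact match on the hostname, so a value that merely starts or ends with a legitimate name is refused.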