Host header Injection
Medium
Homebrew
Submitted None
Reported by
sumit7
Vulnerability Details
Technical details and impact analysis
HI SECURITY TEAM
Here is host header injection.
#Request (changing host to www.google.com)
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
#Response (www.google.com injected)
HTTP/1.1 301 Moved Permanently
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 35
Content-Type: text/plain
Date: Tue, 18 Apr 2017 14:23:25 GMT
Location: https://google.com/
Age: 0
Connection: keep-alive
Server: Netlify

Redirecting to https://google.com/
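
Added example, not part of the original report and not Homebrew's or Netlify's code: in the response above, the Location value is derived from the Host header the client sent. The Python below models that reflecting behaviour next to a variant that answers only for an allowlist of hosts and redirects to a constant; `CANONICAL`, `ALLOWED` and all function names are assumptions.

```python
import re

# Assumed configuration (hypothetical hosts, not taken from the report).
CANONICAL = "example.org"
ALLOWED = {"example.org", "www.example.org"}

# Hostname labels, optional trailing dot, optional :port.
# Anything else (spaces, '/', '@', CR/LF, empty value) fails to match.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(r"(%s(?:\.%s)*)\.?(?::\d{1,5})?" % (_LABEL, _LABEL))


def normalize_host(header_value):
    """Return the lowercase hostname from a Host header, or None if malformed."""
    if not isinstance(header_value, str):
        return None
    m = _HOST_RE.fullmatch(header_value.strip().lower())
    if m is None or len(m.group(1)) > 253:
        return None
    return m.group(1)


def reflecting_redirect(header_value):
    """Model of the behaviour in the report: Location is built from the Host sent."""
    host = header_value.strip().lower()
    if host.startswith("www."):
        return 301, "https://" + host[4:] + "/"
    return 200, None


def allowlisted_redirect(header_value):
    """Serve only configured hosts; the redirect target is a constant."""
    host = normalize_host(header_value)
    if host is None:
        return 400, None   # missing or malformed Host
    if host not in ALLOWED:
        return 421, None   # Misdirected Request: not a host this site serves
    if host != CANONICAL:
        return 301, "https://" + CANONICAL + "/"
    return 200, None


if __name__ == "__main__":
    # Constructed Host values, including the one used in the report.
    for value in ("www.google.com", "www.example.org", "EXAMPLE.org:443"):
        print(value, reflecting_redirect(value), allowlisted_redirect(value))
```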
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Violation of Secure Design Principles