Host Header Injection.
Low
D
Dropcontact
Submitted None
Team Summary
Official summary from Dropcontact
Someone could change the redirection when login out from firstpromoter, by tweaking the logout request and using http X-Forwarded-Host, someone could redirect the logout toward a bad place.
Actions:
Reported by
xploiterr
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Open Redirect