Host header Injection
Medium
Vulnerability Details
Hi Security Team,
Here is a host header injection.
#Request (changing host to www.google.com)
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
#Response (www.google.com injected)
HTTP/1.1 301 Moved Permanently
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 35
Content-Type: text/plain
Date: Tue, 18 Apr 2017 14:23:25 GMT
Location: https://google.com/
Age: 0
Connection: keep-alive
Server: Netlify
Redirecting to https://google.com/
Report Stats
- Report ID: 221908
- State: Closed
- Substate: informative
- Upvotes: 6
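A defender-side check for the behaviour shown in the exchange above, as an added example that is not part of the original report or the vendor's code. It flags a redirect whose `Location` is derived from a non-allowlisted `Host`, and builds the redirect from configuration instead; `ALLOWED_HOSTS`, `CANONICAL_HOST` and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumptions: hypothetical hostnames for the site under test.
ALLOWED_HOSTS = {"example.org", "www.example.org"}
CANONICAL_HOST = "example.org"

# Constructed sample: the report's exchange, trimmed to the relevant headers.
REQUEST = "GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
RESPONSE = ("HTTP/1.1 301 Moved Permanently\r\nLocation: https://google.com/\r\n"
            "Server: Netlify\r\n\r\nRedirecting to https://google.com/")


def parse_headers(raw):
    """Map lower-cased header names to values for one raw HTTP message."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def normalize_host(value):
    """Return the bare lower-cased hostname, or None if the value is malformed."""
    if not value or any(c in value for c in "/@?#\\ "):
        return None
    try:
        host = urlsplit("//" + value).hostname  # drops any port, lower-cases
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def redirect_location(request_host):
    """Hardened redirect: the target comes from configuration, never from Host."""
    if normalize_host(request_host) not in ALLOWED_HOSTS:
        return None  # caller answers 400 instead of redirecting
    return f"https://{CANONICAL_HOST}/"


def reflects_untrusted_host(raw_request, raw_response):
    """True when Location is derived from a Host that is not allowlisted."""
    req_host = normalize_host(parse_headers(raw_request).get("host", ""))
    location = parse_headers(raw_response).get("location", "")
    if not req_host or req_host in ALLOWED_HOSTS:
        return False
    bare = lambda h: h[4:] if h.startswith("www.") else h  # www -> apex redirect
    return bare(urlsplit(location).hostname or "") == bare(req_host)
```
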