Collaborate Disseminate
In my webserver log files I sometimes find such entries:
185.30.14.116 [2024-09-14T07:56:57+02:00] 400 | HOST-HDR "185.30.14.116" | SRV _:80" | URI "/"
So there is a request from 185.30.14.116 that my default serve… Continue reading What is the sense of the client’s IP in a Host header?
If I send an unknown domain name in the HTTP request header ‘Host’ to a webserver and the webserver responds with a HTTP status code 301/302 (redirect) along with a HTTP response header ‘Location’ reflecting my initial Host header input.
D… Continue reading Is a random unknown HTTP request header ‘Host’ that is reflected in the HTTP response ‘Location" header (3xx) a open redirect or DNS rebinding?
I want to inject the collaborator payload in the HTTP Host header (HTTP Host header injection).
GET / HTTP/1.1
Host: payload.collaborator.net
The Host header is used to reach the targeted webserver and fetch the vhost or any backend compo… Continue reading How does Burp Collaborator payload reach the targeted vulnerable site?
From official ASP.NET Core docs, namely Routing in ASP.NET Core ยง URL generation concepts:
Use GetUri* extension methods with caution in an app configuration that doesn’t validate the Host header of incoming requests. If the Host header o… Continue reading To what attacks is using the value of the HOST header to craft self-referential URLs vulnerable?
I was looking for the answer of this question what is header and what is header Attack. And I want to know that how powerful is header attack and is the best way to perform header attacks. If anyone here who can guide me regarding to the h… Continue reading What is header ? and what is the different Between header attacks. And other normal attacks?
I found a website which is vulnerable to cors.(https://portswigger.net/web-security/cors)
GET /api/requestApiKey HTTP/1.1.
Host: vulnerable-website.com.
Origin: https://evil.com.
AUTHENTICATION: eyssdsdsdsasa…..
And the server responds … Continue reading CORS attack using authentication token
I have been researching http host header attacks. There are many examples such as <a href="https://_SERVER[‘HOST’]/support">Contact support</a>. Why would anyone use an absolute path for resources served by the same s… Continue reading Do relative paths mitigate HTTP Host Header attacks?
If I go to the http site e.g. http://www.example.com the site will redirect (code 301) to the https version https://www.example.com.
On various pentests I observed that if I modify the Host header in the http request the Location header in… Continue reading How could someone exploit a host header injection vulnerability that only effects the responses Location header?
I was reading about host header injection and found many reports on hackerone.
Assume that if you inject X-Forwarded-Host header to specific requests, you may cause a redirect which can impact the people on the network (eg:https://hackeron… Continue reading Can Proxy insert headers to a HTTPS requests which are on the same network?
I would like to simulate a HTTP host header injection on a local IIS webserver, however, I do not see any redirection occurring.
I have the default website configured on port 80 and another site on port 80 but this has a hostname test.site… Continue reading Simulate host header injection on IIS not working [closed]