Learn How Attackers Manipulate Host Headers to Compromise Web Applications and How to Defend Against It
Introduction
Host header injection is a web vulnerability that arises when a web application trusts the value of the Host header in HTTP requests without proper validation. Attackers can manipulate this header to influence how the server processes requests, potentially leading to cache poisoning, password reset poisoning, web cache deception and even full account takeover in some scenarios.
Understanding the various ways to manipulate the Host header is crucial for both attackers and defenders. Below we explore the most common and advanced techniques for host header manipulation with practical examples and explanations.
Common Host Header Injection Techniques
Spoofing with Malicious Domain
Supply a rogue domain in the Host header to trick the application into generating links or redirects pointing to the attacker’s server.
Example:
GET /reset-password HTTP/1.1
Host: attacker.com
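The defensive side of the request above, as an added example that is not part of the original article: a password-reset link builder that trusts the Host header, beside a version that checks the header against an allowlist and builds the link from configuration. The hostname app.example.com, the function names and the token are assumptions made for illustration.

```python
# Added example: hosts, names and the token are constructed for illustration.
import re

ALLOWED_HOSTS = {"app.example.com"}           # assumed deployment hostname(s)
CANONICAL_ORIGIN = "https://app.example.com"  # assumed config value, never read from the request

# Hostname with optional trailing dot and :port. Anything containing
# spaces, '@', '/', commas or other unexpected characters fails to match.
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_HOST_RE = re.compile(rf"^({_LABEL}(?:\.{_LABEL})*)\.?(?::(\d{{1,5}}))?$")


def host_is_allowed(host_header):
    """Return True only if the Host header names one of our own hosts."""
    if not host_header:
        return False
    m = _HOST_RE.match(host_header.strip().lower())
    return bool(m) and m.group(1) in ALLOWED_HOSTS


def reset_link_vulnerable(headers, token):
    # Trusts the client-supplied Host header, so the emailed link
    # points wherever the request said it should.
    return f"https://{headers['Host']}/reset-password?token={token}"


def reset_link_hardened(headers, token):
    # Reject requests for unknown hosts, then build the link from
    # configuration only; the header never reaches the URL.
    if not host_is_allowed(headers.get("Host")):
        raise ValueError("unrecognised Host header")
    return f"{CANONICAL_ORIGIN}/reset-password?token={token}"


def handle(headers, token="CONSTRUCTED-TOKEN"):
    """Return (status, link) the way a reset endpoint would."""
    try:
        return 200, reset_link_hardened(headers, token)
    except ValueError:
        return 400, None


if __name__ == "__main__":
    spoofed = {"Host": "attacker.com"}  # the request shown in the article
    print("vulnerable:", reset_link_vulnerable(spoofed, "CONSTRUCTED-TOKEN"))
    print("hardened:  ", handle(spoofed))
    print("legitimate:", handle({"Host": "app.example.com"}))
```

Rejecting the request outright, rather than silently substituting the canonical host, also leaves a 400 in the access log that can be alerted on.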