Introduction

Host header injection is a web vulnerability that arises when a web application trusts the value of the Host header in HTTP requests without proper validation. Attackers can manipulate this header to influence how the server processes requests, potentially leading to cache poisoning, password reset poisoning, web cache deception and even full account takeover in some scenarios.

Understanding the various ways to manipulate the Host header is crucial for both attackers and defenders. Below we explore the most common and advanced techniques for host header manipulation with practical examples and explanations.

Common Host Header Injection Techniques

Spoofing with Malicious Domain

Supply a rogue domain in the Host header to trick the application into generating links or redirects pointing to the attacker’s server.

example:

GET /reset-password HTTP/1.1  
Host: attacker.com