Find & Prevent Host Header Injection with These Resources

Mishandling the HTTP Host header can put your web app and your users' security at risk. The time to take countermeasures is before that happens. Better safe than sorry.

What to Learn from These Resources:

  • What is "Host Header Injection" (also known as "HBI")?
  • Why does this happen?
  • Where can this bug be found?
  • How to test for this bug?
  • All ways to find this bug
  • Can it come from another vulnerability?
  • Can it be chained with other bugs?
  • Can it lead to another vulnerability?
  • What is the impact of this?
  • Why is this a problem on a specific platform?
  • What exactly will you be able to do on that platform by exploiting these?
  • How to mitigate this bug?
  • Some real-life cases with this bug

Resources:

  1. portswigger.net/web-security/host-header
  2. owasp.org/www-project-web-security-testing-..
  3. crashtest-security.com/invalid-host-header
  4. acunetix.com/vulnerabilities/web/host-heade..
  5. acunetix.com/blog/articles/automated-detect..
  6. secuneus.com/host-header-injection
  7. valencynetworks.com/kb/host-header-attack.h..
  8. dzone.com/articles/what-is-a-host-header-at..
  9. skeletonscribe.net/2013/05/practical-http-h..
  10. attacker-codeninja.github.io/2021-09-09-por..
  11. linkedin.com/pulse/host-header-injection-de..
  12. medium.com/@tameemkhalid786/host-header-inj..
  13. bmacharia.com/2021/03/04/account-takeover-t..
  14. hackerone.com/reports/317476
  15. lightningsecurity.io/blog/host-header-injec..
  16. blog.bentkowski.info/2015/04/xss-via-host-h..
  17. kathan19.gitbook.io/howtohunt/host-header-a..
  18. getridbug.com/information-security/is-host-..
  19. infinitelogins.com/2021/01/02/http-host-hea..
  20. lavankumar2604.wixsite.com/hacker/post/host..
  21. stackoverflow.com/questions/47880156/host-h..
  22. exploit-db.com/exploits/38068
  23. vladtoie.gitbook.io/secure-coding/server-si..
  24. github.com/daffainfo/AllAboutBugBounty/blob..
  25. web.dev/security-headers
  26. stackoverflow.com/questions/43941048/preven..
  27. ibm.com/docs/en/odm/8.9.2?topic=configuring..
  28. developpaper.com/http-host-header-attacks-f..
  29. techcommunity.microsoft.com/t5/iis-support-..
  30. nileshsapariya.blogspot.com/2015/10/host-he..

Let us know in the comment section if you have more. 🙂
