Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

How I was able to take over any users account with host header injection- 146

Ajay Gautam. Posted 6 Years Ago
  • Host header injection is a vulnerability where a remote attacker exploits the HTTP Host header by sending a fake host in place of the original one.
  • "When creating URI for links in web applications, developers often use the HTTP Host header in order to poison the web-cache or password reset emails." - Tenable
  • In this application, there was a form that was used to reset passwords. However, the domain name (for the link) could be arbitrarily set by setting the Host header of the request.
  • Therefore, an attacker could easily set this Host Header to something they controlled. Then, when a user clicked on the link in their email, the attacker would have the password reset token!
  • In conclusion, do not trust input set on the client side :)
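
An added example (not code from the original post) that puts the reset-link pattern summarised above next to a hardened version which takes the link's domain from server configuration and rejects unexpected hosts. All names, hosts and the token are constructed for illustration, and the `X-Forwarded-Host` check goes beyond what the post mentions.

```python
from urllib.parse import urlencode

# Constructed values for illustration; none come from the original post.
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def reset_link_from_host_header(headers, token):
    """Vulnerable pattern: the link's domain is whatever the client sent as Host."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link_from_config(token):
    """Hardened: the link's domain comes only from server-side configuration."""
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


def _hostname(value):
    """Lower-case a Host value and drop an optional :port suffix."""
    value = value.strip().lower()
    name, sep, port = value.rpartition(":")
    return name if sep and port.isdigit() else value


def host_is_allowed(headers):
    """Defence in depth: every host-like header present must be on the allowlist."""
    if "Host" not in headers:
        return False
    return all(
        _hostname(headers[name]) in ALLOWED_HOSTS
        for name in ("Host", "X-Forwarded-Host")
        if name in headers
    )


def handle_reset_request(headers, token):
    """Return (status, link); unexpected hosts are rejected before any email is built."""
    if not host_is_allowed(headers):
        return 400, None
    return 200, reset_link_from_config(token)


if __name__ == "__main__":
    forged = {"Host": "attacker.example"}  # constructed request headers
    print(reset_link_from_host_header(forged, "tok123"))  # link points off-site
    print(handle_reset_request(forged, "tok123"))
    print(handle_reset_request({"Host": "app.example.com:443"}, "tok123"))
```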