Host Header Injection leads to Hall of Fame
Intro: Hello Hackers! What's up? Welcome to my new article. Here I will discuss a Host Header Injection that took me to the Hall of Fame. So let's start the journey.
So I started enumerating a domain, assume: www.xyz.com
There I found a sign-up page. I tried to sign up with some random creds and captured the login request in Burp Suite.
This request redirected us to secure.xyz.com, so I followed the redirection. The path is /secure/login.bml?err=12, and it redirected us again to secure.xyz.com. Here I changed the Host header to bing.com and sent the request. Now the hack is that the server set the redirection Location to secure.bing.com instead of secure.xyz.com, because it does not validate the Host header properly.
When I followed the redirection in Burp Suite, it took us straight to the Bing home page.
I copied the URL, pasted it into the browser, and it was the Bing home page.
So if an attacker sets up a malicious web server on a domain they control and the redirect points there, they can steal anyone's username and password with this injection.
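To make the root cause concrete, here is an added example (my own code, not the target's code or anything from the article): a redirect builder that derives the Location from the incoming Host header the way the vulnerable server appears to, next to a hardened version that checks Host against an allowlist and then builds the redirect from configuration only. The "strip www., prefix secure." derivation, the allowlist, the canonical host and the access-log line format are all assumptions I constructed for illustration; only www.xyz.com, secure.xyz.com, bing.com and the path /secure/login.bml?err=12 come from the article.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the hosts this application is really served on.
# www.xyz.com / secure.xyz.com follow the article; everything else is a placeholder.
ALLOWED_HOSTS = {"www.xyz.com", "secure.xyz.com"}
CANONICAL_HOST = "secure.xyz.com"   # the host redirects should always land on
LOGIN_PATH = "/secure/login.bml?err=12"


def _normalize_host(raw: str) -> str:
    """Lower-case the Host value and drop any :port suffix."""
    return raw.split(":", 1)[0].strip().lower()


def _registered_domain(host: str) -> str:
    """Assumed server logic: strip a leading 'www.' so www.xyz.com -> xyz.com."""
    return host[4:] if host.startswith("www.") else host


def vulnerable_redirect(headers: dict) -> str:
    """Location built straight from the client-controlled Host header (the bug).
    Host: bing.com therefore yields secure.bing.com, as seen in the article."""
    host = _normalize_host(headers.get("Host", ""))
    return f"https://secure.{_registered_domain(host)}{LOGIN_PATH}"


def hardened_redirect(headers: dict):
    """Location built from configuration only.

    The Host header is checked against the allowlist and otherwise ignored; an
    unexpected Host returns None so the caller can answer 400 instead of
    echoing client-supplied data into a redirect."""
    host = _normalize_host(headers.get("Host", ""))
    if host not in ALLOWED_HOSTS:
        return None
    return f"https://{CANONICAL_HOST}{LOGIN_PATH}"


def location_is_trusted(location: str) -> bool:
    """Does a Location header point at a host we own?"""
    return (urlsplit(location).hostname or "") in ALLOWED_HOSTS


def unexpected_hosts(log_lines):
    """Detection helper: return Host values from access-log lines that are not
    in the allowlist. Constructed line format: '<ip> <host> "<request>" <status>'."""
    hits = []
    for line in log_lines:
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        host = _normalize_host(parts[1])
        if host not in ALLOWED_HOSTS:
            hits.append(host)
    return hits


if __name__ == "__main__":
    # Constructed sample traffic: a normal request and one with a tampered Host.
    for hdrs in ({"Host": "www.xyz.com"}, {"Host": "bing.com"}):
        print(hdrs["Host"], "->", vulnerable_redirect(hdrs), "|", hardened_redirect(hdrs))
    LOG = [
        '203.0.113.5 www.xyz.com "GET /secure/login.bml?err=12 HTTP/1.1" 302',
        '203.0.113.5 bing.com "GET /secure/login.bml?err=12 HTTP/1.1" 302',
    ]
    print("unexpected Host values:", unexpected_hosts(LOG))
```

The point of the hardened version is that the Host header is only ever compared against known-good values, never copied into the response; the redirect target comes from configuration, so there is nothing for a tampered Host to influence. The `unexpected_hosts` helper is the matching detection side: any request arriving with a Host you do not serve is worth logging and alerting on, because it is exactly the traffic that exercised this bug.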
With this I got a HOF.
So that's it. Hope you learned something new here.
THANKS FOR READING!
If you liked it, don't forget to follow me for more articles.
Happy Hacking~