Host Header Injection (host-header-injection) found on honey.scanme.sh

[mkrs2404]

Details: host-header-injection matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh

Timestamp: Tue Apr 30 19:28:54 +0530 IST 2024

Template Information

Key	Value
Name	Host Header Injection
Authors	princechaddha
Tags	hostheader-injection, generic
Severity	info
Description	HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input.

Request

GET / HTTP/1.1
Host: 2fp5nlc5sot5AAOniMjCdPjfOyj.tld
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Edg/91.0.864.59
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 278
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:54 GMT

GET / HTTP/1.1
Host: 2fp5nlc5sot5AAOniMjCdPjfOyj.tld
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Edg/91.0.864.59

References:

• https://portswigger.net/web-security/host-header
• https://portswigger.net/web-security/host-header/exploiting
• https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'Host: 2fp5nlc5sot5AAOniMjCdPjfOyj.tld' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Edg/91.0.864.59' 'https://honey.scanme.sh'

---

Generated by Nuclei v3.2.5