unifiprotocol / unifi-sdk

https://shell.unifiprotocol.com/

Vulnerability Report - Host Header Injection #8

Open Phoenix202020 opened 3 years ago

Phoenix202020 commented 3 years ago

Weakness: Violation of Secure Design Principles

Severity: Medium-High

Vulnerable Host: https://unifiprotocol.com/

Summary:

An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.

Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host.

A web server uses the Host header value to dispatch the request to the destination domain. An attacker can also manipulate this Host header with fake domains to steal sensitive information.

Steps to reproduce:

POC video link:

https://drive.google.com/file/d/1ZFqgpm2fhQ5YKc0a08Fx87Z7imRxOsBD/view?usp=sharing

PoC Payload: (refer to video) www.bing.com

Kindly refer to the video to understand it fully and fix the issue.

Looking forward to hearing from you soon on this and to reporting further.

Regards, Phoenix
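The defender-side counterpart to the report above, as an added example that is not code from the unifi-sdk project: a server-side allowlist check so that any absolute URL the application builds from the request never uses an attacker-supplied Host. The hostnames in `ALLOWED_HOSTS` come from this page; the plain Node.js-style header object and the `behindTrustedProxy` option (a deployment where a trusted reverse proxy rewrites Host and sets X-Forwarded-Host) are assumptions.

```javascript
// Added example, not from the unifi-sdk repository. Only hostnames the
// application actually serves are trusted; everything else is rejected.
const ALLOWED_HOSTS = new Set(["unifiprotocol.com", "shell.unifiprotocol.com"]);

// Normalise a Host / X-Forwarded-Host value: take the first comma-separated
// entry, lowercase it, strip an explicit ":port", and reject anything that is
// not a bare hostname (no path, no userinfo, no whitespace). Returns null on failure.
function normalizeHost(raw) {
  if (typeof raw !== "string") return null;
  const first = raw.split(",")[0].trim().toLowerCase();
  const m = /^([a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*)(?::\d{1,5})?$/.exec(first);
  return m ? m[1] : null;
}

// Returns the trusted hostname for this request, or null if it is not one of ours.
// X-Forwarded-Host is consulted only when the request is known to have come through
// a trusted proxy hop (assumption about the deployment); otherwise it is ignored,
// since any client can send that header directly.
function trustedHost(headers, { behindTrustedProxy = false } = {}) {
  const candidate = behindTrustedProxy && headers["x-forwarded-host"]
    ? headers["x-forwarded-host"]
    : headers["host"];
  const host = normalizeHost(candidate);
  return host && ALLOWED_HOSTS.has(host) ? host : null;
}

// The weak pattern the report describes: an absolute link (e.g. in an e-mail or
// redirect) built from whatever Host value arrived with the request.
function buildLinkUnsafe(headers, path) {
  return `https://${headers["host"]}${path}`;
}

// Hardened form: refuse to build the link unless the Host is in the allowlist.
function buildLinkSafe(headers, path, opts) {
  const host = trustedHost(headers, opts);
  if (host === null) throw new Error("untrusted Host header");
  return `https://${host}${path}`;
}

// Constructed request mirroring the report's payload; shows both outcomes.
function demo() {
  const headers = { host: "www.bing.com" };
  let safe;
  try { safe = buildLinkSafe(headers, "/reset"); } catch (e) { safe = `rejected: ${e.message}`; }
  return { unsafe: buildLinkUnsafe(headers, "/reset"), safe };
}
```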

Phoenix202020 commented 3 years ago

@deblanco @jsertx

deblanco commented 3 years ago

Hi @Phoenix202020!

Thanks for the report, we are reviewing the server configuration. By the way, we consider the severity of this issue to be Low, since the injection has to be done on the client side and the vhost server is located on the Cloudflare side.

Thanks, Daniel.

Phoenix202020 commented 3 years ago

Hi @deblanco @jsertx

Did you review the issue? Any update on this?

On Mon, 27 Sep 2021 at 4:22 PM, Daniel Blanco Parla wrote:

> Hi @Phoenix202020!
>
> Thanks for the report, we are reviewing the servers conf. By the way, we find the severity of this issue as Low due to the injection should be done on the client-side and the vhost server is located on the Cloudflare side.
>
> Thanks, Daniel.
