Vulnerability of Host Header Injection reported by ICSS Student Rabsun Sarkar
HTTP header injection
HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting.
Most common web servers are configured so that a single server hosts many web applications on the same IP address; this type of configuration is the reason for the Host header issues. Here we deal with the Host header injection attack in its various forms, its impact and its mitigation.
Host Header Issues:
An attacker can steer the application's code toward the output they want simply by editing the Host header. Web servers are most likely configured to pass a Host header they do not recognise to the first virtual host in the list, so it is possible to send HTTP requests with arbitrary Host headers to the first virtual host. In that case, if we specify an invalid Host, the web server still processes the request and passes the invalid Host header to the first virtual host in the list.
An attacker can change the host name so that it points to a fake web page or a vulnerable website, deliver it to users, and defraud them.
How Attackers Utilize Host Header Attack
Exploitation depends on the logic of the web application. If the application does not use the user-supplied value, there is no risk. But the Host header attack is a serious issue during password resets. When we reset a forgotten password, or change our password for privacy, the web application generates a link dynamically, and in doing so it uses the Host header provided in the request. In this scenario, the attacker abuses this header for malicious purposes. Attackers use social engineering and phishing to obtain the link. So developers should recognise the importance of the Host header attack.
Reasons leading to Host Header Injection
Any approach in web application development that is not implemented properly can make room for several vulnerabilities. The same goes for the handling of the Host header. If the application relies on the value of the Host header for writing links without HTML-encoding, importing scripts, deciding where to redirect, or even generating password reset links, and does so without proper filtering, validation and sanitization, it can lead to several vulnerabilities such as cache poisoning and cross-site scripting.
Many application developers do not realise that the HTTP Host header is accessible to and controlled by every user. From an application security perspective, input supplied by the user can always be deceptive and is unsafe to trust. So a web developer should treat Host header issues as dangerous and not neglect them.
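The password reset case above, shown as the unsafe pattern next to a validated one. This is an added example, not code from the reported website; the host names, `ALLOWED_HOSTS`, `CANONICAL_ORIGIN` and the function names are assumptions made for illustration.

```python
import re

# Assumed deployment configuration (constructed values, not from the page).
ALLOWED_HOSTS = {"app.example.test", "www.example.test"}
CANONICAL_ORIGIN = "https://app.example.test"

# A host name with an optional port; anything else (CR/LF, spaces, '@', '/') fails.
_HOST_RE = re.compile(r"[a-z0-9.-]+(:\d{1,5})?")


def validated_host(headers):
    """Return the normalised host name if the Host header is allow-listed, else None.

    `headers` is a list of (name, value) pairs as received from the client.
    """
    values = [v for k, v in headers if k.lower() == "host"]
    if len(values) != 1:                  # missing or duplicated Host header
        return None
    host = values[0].strip().lower()
    if not _HOST_RE.fullmatch(host):      # malformed or injected value
        return None
    name = host.split(":", 1)[0].rstrip(".")
    return name if name in ALLOWED_HOSTS else None


def reset_link_vulnerable(headers, token):
    """Unsafe pattern described in the text: the link's host comes from the request."""
    host = {k.lower(): v for k, v in headers}.get("host", "")
    return f"https://{host}/reset?token={token}"


def reset_link_hardened(headers, token):
    """Reject unknown hosts and build the link from configuration, not from the request."""
    if validated_host(headers) is None:
        raise ValueError("unrecognised Host header")
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


if __name__ == "__main__":
    # Constructed sample requests.
    for hdrs in ([("Host", "app.example.test")], [("Host", "attacker.example.test")]):
        print("vulnerable:", reset_link_vulnerable(hdrs, "TOKEN"))
        try:
            print("hardened:  ", reset_link_hardened(hdrs, "TOKEN"))
        except ValueError as exc:
            print("hardened:   rejected,", exc)
```

Rejecting the request in the application complements, rather than replaces, configuring the web server so that unrecognised hosts are not served by the first virtual host.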
HSD Responsible Disclosure: Rabsun Sarkar Reported a Vulnerability in the Security Talent Website
HSD has a Responsible Disclosure Policy for its IT systems. Recently, Rabsun Sarkar (Certified Ethical Hacker from India) reported a vulnerability in the Security Talent website, showing the importance of having such a policy. It concerns Host Header Injection, which could cause the web application to behave in unexpected ways.
Our website developer Maaike Media quickly took action and solved the issue. We are very grateful for their expertise and professional response.
The HSD Responsible Disclosure Policy is based on the Guideline Responsible Disclosure published by the NCSC and was introduced after the HSD Café on Ethical Hacking and Responsible Disclosure during the Cyber Security Week 2015.