
Host Header injection

  1. HOST HEADER INJECTION Presenter : Amit Dubey
  2. What are HTTP headers? • Sent with both requests and responses • Carry metadata about the message • Browser request headers • Server response headers • HTTP header: Host
  3. What is Host Header Injection? ■ The Host header names the domain the client is asking for, and many applications reuse that client-supplied value when they build absolute URLs (links, redirects, password-reset e-mails). ■ But what happens if we specify an invalid or attacker-chosen Host header? ■ Original Request – ■ Edited Request –
  4. Impacts - SEVERITY : HIGH ■ Web cache poisoning ■ Password reset poisoning ■ Cross-site scripting ■ Access to internal hosts
  5. Bypasses (when the application only checks the obvious Host value) - ■ Multiple Host headers ■ X-Forwarded-Host
  6. Mitigation - ■ Reject any request whose Host does not match the target domain ■ Validate the Host header to confirm the request is addressed to the expected host ■ Create a dummy (catch-all) virtual host that receives all requests with unrecognized Host headers ■ Maintain a whitelist of trusted domains ■ Disable support for X-Forwarded-Host
  7. QUESTIONS? ~~~~~~~~~Thank you ~~~~~~~~~
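The password-reset poisoning impact (slide 4), the multiple-Host / X-Forwarded-Host bypasses (slide 5) and the whitelist and reject-on-mismatch mitigations (slide 6), put together in one runnable example. This code is added here and is not from the slides; the host names, tokens and raw requests are constructed for the demo, and the application is assumed not to sit behind a proxy it trusts to set X-Forwarded-Host.

```python
"""Added example: vulnerable vs. hardened reset-link construction.

A tiny HTTP request parser keeps repeated headers, so a request with two
Host lines is visible as such, then one link builder trusts the client
(X-Forwarded-Host first, last Host otherwise) while the other enforces an
allow-list and exactly one Host header.  Everything here is constructed.
"""
from urllib.parse import quote

# Constructed allow-list of hosts this application legitimately serves.
TRUSTED_HOSTS = {"example.com", "www.example.com"}


def parse_request(raw: bytes):
    """Parse a raw HTTP/1.1 request into (method, path, [(name, value)]).

    Header names are lower-cased; repeated headers are kept in order
    instead of being merged, which matters for the double-Host trick.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return method, path, headers


def header_values(headers, name):
    """Every value of a header, in order; [] if absent."""
    return [v for n, v in headers if n == name.lower()]


def build_reset_link_vulnerable(headers, token: str) -> str:
    """VULNERABLE: X-Forwarded-Host wins, otherwise the last Host header.

    Whatever the client supplies becomes the domain in the e-mailed link,
    so the victim's reset token is sent to an attacker-chosen host.
    """
    forwarded = header_values(headers, "x-forwarded-host")
    host = forwarded[0] if forwarded else header_values(headers, "host")[-1]
    return f"https://{host}/reset?token={quote(token)}"


def resolve_trusted_host(headers) -> str:
    """Hardened host resolution (slide 6 mitigations).

    X-Forwarded-Host is ignored entirely; exactly one Host header is
    required (two Host lines is rejected, not 'first wins'); the host,
    minus any port and case-folded, must be on the allow-list.
    Raises ValueError, which the caller turns into a 400.
    """
    hosts = header_values(headers, "host")
    if len(hosts) != 1:
        raise ValueError("expected exactly one Host header")
    host = hosts[0].lower()
    # Drop an explicit port; bracketed IPv6 literals are left alone and
    # fall through to the allow-list check, which rejects them.
    if not host.startswith("[") and ":" in host:
        host = host.rsplit(":", 1)[0]
    if host not in TRUSTED_HOSTS:
        raise ValueError(f"untrusted Host: {host!r}")
    return host


def build_reset_link_hardened(headers, token: str) -> str:
    """Build the reset link only from an allow-listed host."""
    return f"https://{resolve_trusted_host(headers)}/reset?token={quote(token)}"


# Constructed requests: a normal one and two attacker-crafted ones.
NORMAL = (b"POST /forgot-password HTTP/1.1\r\n"
          b"Host: example.com\r\n\r\n"
          b"email=victim%40example.com")
POISONED = (b"POST /forgot-password HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"X-Forwarded-Host: attacker.example\r\n\r\n"
            b"email=victim%40example.com")
DOUBLE_HOST = (b"POST /forgot-password HTTP/1.1\r\n"
               b"Host: example.com\r\n"
               b"Host: attacker.example\r\n\r\n"
               b"email=victim%40example.com")


def demo(raw: bytes, token: str = "t0k3n"):
    """Return (vulnerable_link, hardened_link_or_400) for one request."""
    _, _, headers = parse_request(raw)
    vulnerable = build_reset_link_vulnerable(headers, token)
    try:
        hardened = build_reset_link_hardened(headers, token)
    except ValueError as exc:
        hardened = f"400 Bad Request: {exc}"
    return vulnerable, hardened


if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("x-forwarded-host", POISONED),
                      ("double host", DOUBLE_HOST)):
        vuln, hard = demo(raw)
        print(f"{name:17} vulnerable -> {vuln}")
        print(f"{'':17} hardened   -> {hard}")
```

Running it shows the poisoned and double-Host requests producing a link to attacker.example from the vulnerable builder, while the hardened builder either keeps example.com or answers 400. The allow-list check compares the bare host (port stripped, lower-cased), so "WWW.Example.com:443" is still accepted; anything not listed, including the catch-all case of an unrecognized name, is rejected before a link is ever built.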
