Whenever a request for any web site is made from the browser, the browser first gear resolves the sphere name being accessed to an IP address and then sends a request to that address. But what if multiple websites are hosted on the same IP address ?
This is where the Host header comes in. This heading is used by a web waiter to decide which web site should process the receive HTTP request. then whenever multiple websites are hosted on the lapp IP address, the network server uses the value of this header to forward the HTTP request to the discipline web site for march. The purpose of the HTTP Host header is to help identify which back-end component the node wants to communicate with. respective nautical mile configurations and flawed business logic can
expose websites to a variety show of attacks via the HTTP Host header. Before diving in, let ’ s understand some basic terminology.
What is an HTTP Header ?
HTTP headers let the client and the server pass extra information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a
colon ( : ), then by its value.
What is a HOST Header ?
The Host request header is the mandatary header ( as per HTTP/1.1 ) that specifies the host and port total of the server to which the request is being sent. If no port is included, the nonpayment port for the military service requested is implied, 443 for an HTTPS URL, and 80 for an HTTP URL.
Example: Host :
What is a FORWARDED Header ?
The Forwardedheader contains information from the reverse proxy servers that is altered or
lost when a proxy is involved in the path of the request.
The alternative and de-facto standard versions of this header are the X-Forwarded-For,
X-Forwarded-Host and X-Forwarded-Proto headers.
This header is used for debugging, statistics, and generating location-dependent content and
by invention, it exposes privacy sensible information, such as the IP address of the customer.
example : X-Forwarded-For :
Reasons leading to Host Header Injection
Any border on in the field of web application if not implemented by rights can make room
for several vulnerabilities. same goes with the execution of the Host header. If the
application relies on the value of the Host header for writing links without
HTML-encoding, importing scripts, deciding the location to redirect to or even generate
password resets links with its value without proper trickle, validation and sanitation then
it can lead to several vulnerabilities like Cache Poisoning, Cross Site Scripting etc.
impact : meddle of Host heading can lead to the following attacks
1. Web Cache Poisoning-Manipulating caching systems into storing a page generated with a malicious Host and serving it to others.
2. Password Reset Poisoning-Exploiting password reset emails and tricking them to deliver poison content directly to the target.
3. Cross Site Scripting – XSS can be performed, if the value of the Host header is used for writing links without HTML-encoding. For model Joomla used to write Host header to every page without HTML Encoding like this : href=”http://_SERVER[‘HOST’]”> which led to cross site scripting.
4. Access to internal hosts-To access internal hosts.
What is the HOST header attack?
HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behaviour. What exactly could be the flaw, where it could go wrong? Earlier each IP address would only host content for a single domain. But today, it is common for multiple websites and applications to be accessible under the same IP address. As multiple applications are accessible via the same IP address as regards to — Virtual hosting or Routing traffic via a proxy. It is easy to get lost searching for the origin. Therefore the application relies on the Host header to specify the intended recipient.
Web Cache Poisoning using Host Header Injection:
❖Web Cache Poisoning using Single Host Header.
1) Go to the following URL in browser – and intercept the request
using proxy tools such as Burp Suite.

Read more: How to Make Your Own Website Without a Host

reservoir :
Category : Website hosting

Leave a Reply

Your email address will not be published.

Welcome to