Host Header Injection

Summary

Host Header Injection allows an attacker to manipulate the Host header of an HTTP request, leading to potential security bypass, cache poisoning, or session fixation.

Description

Host Header Injection is a vulnerability that occurs when an attacker can manipulate the Host header of an HTTP request sent to a web application. By injecting a malicious or manipulated Host header, attackers can bypass security controls, poison caches, perform session fixation attacks, or redirect traffic to malicious servers. Host Header Injection can lead to unauthorized access, sensitive information exposure, or compromise of user sessions.

Remediations

Implement strict validation and sanitization of user-controlled input used in the Host header.
Use server-side configurations or web application firewalls to enforce restrictions on the Host header values.
Perform proper input validation on redirect targets and ensure they are from trusted sources.
Implement secure session management techniques, such as session token regeneration, to mitigate session fixation attacks.

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/17-Testing_for_Host_Header_Injection

hackstack

Anatomy

Usually follows

HTTP Desync

Usually precedes

Authentication Bypass

Account Takeover

Open Redirect

Server Side Request Forgery (SSRF)

CRLF Injection

Affected components

Server