Traumflug
Posted June 13, 2020

Earlier this week I was asked for advice on two vulnerabilities somebody assumed to exist on his site. Lo' and behold, s/he was right both times. For one of them I wrote a blog post, showing how to detect this vulnerability and also a rough sketch on how to fix the server if needed.

The Host Header Injection Booboo

Detection is quite easy on the command line. Just run this, with <my host> replaced by your actual host:

    curl -v -H "Host: evil.com" https://<my host> 2>&1 | grep evil.com

If the answer contains something with evil.com, the host is vulnerable. Testing should happen on all hosts in the public and with HTTP as well as HTTPS.
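The same check as a small Python script, added here as an example and not part of the original post or its linked blog entry: it sends one request with the Host header set to a canary name (`canary.invalid` is an assumption; the `.invalid` TLD is reserved and never resolves) and inspects only the response, not the outgoing request that `curl -v` also echoes, so a match really means the server reflected the value. The sample responses used by `find_reflections` are constructed, not captured from any real host.

```python
import http.client
import urllib.parse

# Constructed canary hostname (assumption): .invalid is reserved, so it can
# never be a legitimate virtual host on the server under test.
CANARY = "canary.invalid"


def find_reflections(status_line, headers, body, canary=CANARY):
    """Return the places in a response where the canary host is reflected.

    headers is a list of (name, value) pairs, body is a str. Only the
    response is inspected, so the request's own Host header cannot match.
    A non-empty result means the server trusts the client-supplied Host.
    """
    hits = []
    if canary in status_line:
        hits.append("status")
    for name, value in headers:
        if canary in value:
            hits.append("header:" + name.lower())
    if canary in body:
        hits.append("body")
    return hits


def probe(url, canary=CANARY, timeout=10):
    """Request url with Host replaced by the canary and report reflections."""
    parts = urllib.parse.urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    target = urllib.parse.urlunsplit(("", "", parts.path or "/", parts.query, ""))
    conn.putrequest("GET", target, skip_host=True)  # we set Host ourselves
    conn.putheader("Host", canary)
    conn.endheaders()
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", errors="replace")
    status_line = "HTTP/1.1 %d %s" % (resp.status, resp.reason)
    conn.close()
    return find_reflections(status_line, resp.getheaders(), body, canary)


# Constructed sample responses for offline use (not from any real server).
SAMPLE_VULNERABLE = ("HTTP/1.1 301 Moved Permanently",
                     [("Location", "https://canary.invalid/"), ("Content-Length", "0")], "")
SAMPLE_SAFE = ("HTTP/1.1 404 Not Found",
               [("Content-Type", "text/html")], "<html><body>Unknown host</body></html>")

if __name__ == "__main__":
    print(find_reflections(*SAMPLE_VULNERABLE))  # ['header:location']
    print(find_reflections(*SAMPLE_SAFE))        # []
```

Run `probe("https://<my host>/")` for each public host over both http and https, as the post suggests; a redirect whose Location carries the canary is the typical positive result.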