Host header attack possible: an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.
What is the Host header?
It is normal practice for the same web server to host several sites or web applications on the same IP address. The Host header determines which site or web application should process an incoming HTTP request. The web server uses the value of the Host header to dispatch the request to the specified site or web application. Each web application hosted on the same IP address is commonly referred to as a virtual host. Many web applications depend on the HTTP Host header to work out their own location. What many application administrators don't realize is that the HTTP Host header is controlled by the client. Hence they pose many risks and induce various attack vectors, namely
GET /index.html HTTP/1.1
Host: example.com

GET /index.html HTTP/1.1
Host: evil.com
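The two requests above, run through an application that trusts the Host header and through one that checks it first. This is an added example, not code from the original page; the request strings, `ALLOWED_HOSTS` and `CANONICAL_HOST` are constructed assumptions.

```python
# Added example: constructed requests and a hypothetical allowlist.
ALLOWED_HOSTS = {"example.com", "www.example.com"}  # assumption: names this site serves
CANONICAL_HOST = "example.com"                       # assumption: set in server config

GOOD = "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
BAD = "GET /index.html HTTP/1.1\r\nHost: evil.com\r\n\r\n"
DUPLICATE = "GET /index.html HTTP/1.1\r\nHost: example.com\r\nHost: evil.com\r\n\r\n"


def host_headers(raw_request):
    """Return every Host header value in a raw HTTP/1.1 request, in order."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            values.append(value.strip())
    return values


def naive_base_url(raw_request):
    """What a Host-trusting application does: echo the client's value."""
    values = host_headers(raw_request)
    return "http://" + values[0] if values else None


def validated_host(raw_request):
    """Return the normalized host if it is exactly one allowlisted name, else None."""
    values = host_headers(raw_request)
    if len(values) != 1:                         # missing or ambiguous Host
        return None
    host = values[0].lower().rstrip(".")
    if host.count(":") == 1:                     # drop an optional :port
        host, port = host.split(":")
        if not port.isdigit():
            return None
    return host if host in ALLOWED_HOSTS else None


def safe_base_url(raw_request):
    """Build links from server-side configuration, never from the header."""
    if validated_host(raw_request) is None:
        return None                              # caller should answer 400
    return "http://" + CANONICAL_HOST
```

`naive_base_url(BAD)` returns the client-supplied `http://evil.com`, while `safe_base_url` returns `None` for both `BAD` and `DUPLICATE`.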