Host Header Attack

Title:

Host header attack possible: an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.

Vulnerability:

What is the Host header?
It is normal practice for a single web server to host several sites or web applications on the same IP address. The Host header determines which site or web application should process an incoming HTTP request: the web server uses the value of the Host header to dispatch the request to the specified site or web application. Each web application hosted on the same IP address is commonly referred to as a virtual host. Many web applications rely on the HTTP Host header to determine their own location. What many application administrators do not realise is that the HTTP Host header is controlled by the client. It therefore poses several risks and enables various attack vectors, namely:

  • password reset poisoning
  • cache poisoning
  • access to other internal host/application
  • XSS, etc.

Legitimate request:

GET /index.html HTTP/1.1
Host: example.com

Manipulated request:

GET /index.html HTTP/1.1
Host: evil.com

Solution:

    • Host header injection can be mitigated by rejecting any request that does not match the target domain.
    • Validate the Host header to ensure that the request is actually destined for the target host.
    • Host header injection can be mitigated in Apache and Nginx by creating a dummy virtual host that catches all requests with unrecognised Host headers.
    • Create a whitelist of trusted domains during the initial setup of the application and match the domain received in the Host header of every request against it.
    • It is recommended to disable support for the X-Forwarded-Host header; if it cannot be disabled, apply proper security checks to it to prevent tampering.
    • Use a secure server configuration.
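The whitelist check and the X-Forwarded-Host handling from the list above, as an added example that is not part of the original page: the allowlist, the sample requests and the trust_forwarded switch are all constructed for illustration, and the two requests shown earlier on the page are reused as inputs.

```python
import re

# Constructed allowlist of the virtual hosts this application actually serves.
TRUSTED_HOSTS = {"example.com", "www.example.com"}
# A hostname optionally followed by a port; anything else is treated as malformed.
HOST_RE = re.compile(r"^(?P<host>[a-z0-9.-]+)(?::(?P<port>\d{1,5}))?$")

def parse_headers(raw_request: str) -> dict:
    """Map lower-cased header names to the list of values seen (duplicates kept)."""
    headers: dict = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:                            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def effective_host(headers: dict, trust_forwarded: bool = False):
    """Host the application should consider, or None when it is ambiguous.
    X-Forwarded-Host is honoured only when a reverse proxy is explicitly trusted
    to set it (constructed switch); otherwise it is ignored, as the page advises."""
    if trust_forwarded and "x-forwarded-host" in headers:
        values = headers["x-forwarded-host"]
    else:
        values = headers.get("host", [])
    if len(values) != 1:  # missing or repeated Host header: reject, do not guess
        return None
    return values[0].lower()

def is_trusted_host(raw_request: str, trust_forwarded: bool = False) -> bool:
    """True only if the request names a host on the allowlist (default deny)."""
    host = effective_host(parse_headers(raw_request), trust_forwarded)
    if host is None:
        return False
    match = HOST_RE.match(host)
    if not match:
        return False
    port = match.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return False
    return match.group("host").rstrip(".") in TRUSTED_HOSTS

# Constructed sample requests: the page's two requests plus two common edge cases.
LEGIT = "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
EVIL = "GET /index.html HTTP/1.1\r\nHost: evil.com\r\n\r\n"
FORWARDED = "GET /index.html HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-Host: evil.com\r\n\r\n"
DUPLICATE = "GET / HTTP/1.1\r\nHost: example.com\r\nHost: evil.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("evil", EVIL), ("forwarded", FORWARDED), ("duplicate", DUPLICATE)]:
        print(name, is_trusted_host(req))
```

The same default-deny idea is what the dummy catch-all virtual host in Apache or Nginx provides at the server layer; the application-level check above covers deployments where the server configuration cannot be relied on.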