Author: bmacharia

Account Takeover Through Host Header Injection

In this post, I will explain what host header injection attacks are and how I found one in a private bug bounty program that led to full user account takeover.

The Anatomy of an HTTP Request

Before we define what a host header injection attack is, we first need to delve into the anatomy of an HTTP request. An HTTP request is generally divided into 3 parts, which include a request line, a set of header fields and a…
