| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
Tags
- hackerone
- 인젝션
- hacker101
- 취약점
- 호스트헤더
- 케쉴주
- Googledorks
- 버그바운티
- wargame
- game
- 케이쉴드주니어4기
- 케이쉴드주니어
- 구글해킹
- bugbounty
- 우버
- 면접후기
- XSS
- report
- 웹해킹
- 케쉴주4기
- wargmae
- writeup
- 정보보호관리진단
- CTF
- 컨설팅
- IDOR
- Today
- Total
Hack The World
Host header injection 취약점 $800 본문
https://pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/
How I earned $800 for Host Header Injection Vulnerability - Bug Bounty Writeups
HTTP response header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way.
pethuraj.com
TIP
If the website works with an arbitrary host header, the client can modify the host header to contain anything. This can introduce a security issue if the host header is then used within the application.
Attack Scenario:
- The attacker sends a reset password request to another user by modifying the Host Header in the request with any malicious site.
- The user receives an email to reset the password, clicks the link and proceeds further with the malicious link.
- By this way, an attacker can obtain valid password reset token for any user.
비밀번호를 찾는 페이지에서 패킷을 잡은후
Host 헤더를 악성링크로 변조
예제에서는 google.com 으로변경
메일이 정상적으로 보내지고 메일을 확인시 주소가 google 로 변경후 token 값이 노출된것을 확인
피해자가 링크를 눌를경우 토큰값을 획득가능
'BugBounty > Write up' 카테고리의 다른 글
| 행아웃 open rediection $7500 (0) | 2020.04.19 |
|---|---|
| 구글해킹 이용 XSS $3133.7 (0) | 2020.04.13 |
| IDOR + PATCH 메소드 사용 계정우회 (0) | 2020.03.10 |
| A Simple IDOR to Account Takeover (0) | 2020.03.07 |
| Hyperlink Injection - Easy Money (sometimes) (0) | 2020.02.28 |
'BugBounty/Write up' Related Articles
more
Comments