For account takeover:
Host-Header:
Nowadays a single web server is often used to deploy more than one application, which means all of those applications resolve to the same IP address. To avoid confusion, the Host header is used: it specifies which application a request should be routed to.
Host header attacks are very common in cloud infrastructure, and many applications rely on the Host header to understand where they are.
How to bypass:
· By providing any random domain in the Host header, if we get 200 OK in response.
· By providing the same domain but with a random port in the Host header, if we still get 200 OK in response.
· X-Forwarded-Host: by using it, we overwrite the Host header value.
· By injecting the same Host header twice.
· By supplying an absolute URL: generally, web servers work with relative paths, but sometimes an application accepts an absolute URL in the request.
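A server-side check that refuses each of the variations listed above, as an added example that is not part of the original notes. The served name `app.example.com`, the allowed ports, the function names and the assumption that no trusted proxy sets X-Forwarded-Host are all hypothetical.

```python
from urllib.parse import urlsplit

# Assumed deployment values (hypothetical): the only name and ports this app serves.
ALLOWED_HOSTS = {"app.example.com"}
ALLOWED_PORTS = {None, 443}
OVERRIDE_HEADERS = {"x-forwarded-host"}  # assumption: no trusted proxy sets these

def authority_error(value):
    """Return a rejection reason for a host[:port] value, or None if allowed."""
    try:
        parts = urlsplit("//" + value)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return "malformed authority"
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return "malformed authority"
    if host not in ALLOWED_HOSTS:
        return "host not in allow-list"
    if port not in ALLOWED_PORTS:
        return "port not in allow-list"
    return None

def check_request(raw_head):
    """Validate the head of a raw HTTP/1.1 request; return (accepted, reason)."""
    lines = raw_head.split("\r\n\r\n", 1)[0].split("\r\n")
    target = lines[0].split(" ")[1]
    headers = [(k.strip().lower(), v.strip())
               for k, _, v in (line.partition(":") for line in lines[1:])]
    hosts = [v for k, v in headers if k == "host"]
    if len(hosts) != 1:
        return False, "expected exactly one Host header"
    if any(k in OVERRIDE_HEADERS for k, _ in headers):
        return False, "host override header from untrusted client"
    reason = authority_error(hosts[0])
    if reason is None and not target.startswith(("/", "*")):
        # Absolute-form target: its authority is checked like the Host value.
        reason = authority_error(target.split("://", 1)[-1].split("/", 1)[0])
    return reason is None, reason or "ok"

def sample(header_lines, target="/reset"):  # builds a constructed request head
    return f"POST {target} HTTP/1.1\r\n" + "\r\n".join(header_lines) + "\r\n\r\n"

if __name__ == "__main__":
    good = ["Host: app.example.com"]
    for head in (sample(good), sample(["Host: attacker.example"]),
                 sample(["Host: app.example.com:8443"]), sample(good * 2),
                 sample(good + ["X-Forwarded-Host: attacker.example"]),
                 sample(good, "https://attacker.example/reset")):
        print(check_request(head))
```

Links sent to users, such as password reset URLs, are safest when built from a configured base URL rather than from any value taken from the request.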
Which vulnerabilities we can exploit by changing the Host header:
· Web cache poisoning: the attacker poisons the website's web cache, so anyone who visits the cached page gets infected.
· Password reset poisoning: the application usually generates a secret token by using…