[Owasp-leaders] Host header injection
achim at owasp.org
Tue Sep 30 22:08:01 UTC 2014
TCP is TCP and knows nothing about the Host header in the application layer (HTTP).
You can write anything in the Host header. It depends on the (web) server and its
applications if it's handled correctly.
I.e., the same data validation needs to be done as for any other header too.
Hope this helps.
On 30.09.2014 23:53, Owen Pendlebury wrote:
> Hi all,
> Just wanted to ask your thoughts on host header injection. Because of the
> TCP connection I shouldn't be able to alter the host header and it redirect
> me, right?
> Would be interested in hearing your opinions on risk and exploitation of
> OWASP Ireland-Dublin Chapter Lead
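
The point made in the reply above (the Host header is ordinary client-supplied text that the server and application must validate), shown as an added example that is not part of the original thread. The host names, the allowlist and the function names are assumptions chosen for illustration, and the sample requests are constructed.

```python
import re
from typing import List, Optional

# Assumed deployment values (hypothetical): the names this site really serves.
ALLOWED_HOSTS = {"www.example.org", "example.org"}
CANONICAL_HOST = "www.example.org"

# hostname[:port] only; rejects whitespace, '@', '/', control characters, etc.
_HOST_RE = re.compile(
    r"(?P<name>[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?)(?::(?P<port>\d{1,5}))?")

# Constructed sample requests (not captured traffic). TCP delivers all three
# to the same socket; only the application-layer text differs.
GOOD = b"GET /login HTTP/1.1\r\nHost: example.org\r\n\r\n"
SPOOFED = b"GET /login HTTP/1.1\r\nHost: other.invalid\r\n\r\n"
DUPLICATE = (b"GET /login HTTP/1.1\r\nHost: example.org\r\n"
             b"Host: other.invalid\r\n\r\n")


def host_headers(raw_request: bytes) -> List[str]:
    """Return every Host header value found in a raw HTTP/1.1 request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            values.append(value.strip())
    return values


def validated_host(raw_request: bytes) -> Optional[str]:
    """Return the allowlisted host name, or None if the request is rejected."""
    values = host_headers(raw_request)
    if len(values) != 1:                           # missing or duplicated Host
        return None
    match = _HOST_RE.fullmatch(values[0].lower())
    if match is None:
        return None
    port = match.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    name = match.group("name")
    return name if name in ALLOWED_HOSTS else None


def redirect_location(raw_request: bytes, path: str) -> Optional[str]:
    """Build a redirect target from configuration, never from the header text."""
    if validated_host(raw_request) is None:
        return None                                # caller answers 400
    return "https://" + CANONICAL_HOST + path
```
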