
Host header injection

Garry Jul 12, 2019 12:27PM UTC

Hi,

I am trying to create a POC (Proof of Concept) for a header injection vulnerability on a website.
https://abcd/path1/path2

Steps tried:
1. Created a server and added folders folder.
2. Added folders under server location.
3. New structure looks like: e.g. 192.168.x.x /abcd/path1/path2
4. Intercepted web request in Burp and changed original Host to 192.168.x.x
5. Forwarded and got a redirect response
6. On browser response is not served
Error is shown as "Failed to connect 192.168.x.x"

Expected: 200 OK response, since website is vulnerable to header injection
browser should display: https://192.168.x.x/abcd/path1/path2


Please help


Liam Tai-Hogan Jul 16, 2019 08:59AM UTC Support Center agent

Garry, why do you think the site is vulnerable to Host header injection?

Have you tried using Burp Repeater?

