#2 Host Header Injection — Secure Code Explain

Here is an example of vulnerable code that is susceptible to a Host Header Injection Attack :

🥺 Vulnerable Code

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class PasswordResetServlet {
public void resetPassword(HttpServletRequest request, HttpServletResponse response) throws IOException {
String email = request.getParameter("email");
String resetLink = "https://" + request.getHeader("Host") + "/reset-password?email=" + email;

// Send password reset link to the user's email
// ...

response.sendRedirect(resetLink);
}
}

In the vulnerable code snippet above:

• The resetPassword method takes an HTTP request and response as parameters and extracts the email parameter from the request.
• It constructs a password reset link by directly using the Host header from the HTTP request. This allows an attacker to manipulate the Host header and potentially redirect the password reset link to a malicious site.

😎 Secure Code

https://securitycipher.com/docs/host-header-injection/

Host Header Injection

#securecode #securecodeseries #bugbounty