{"id":7,"date":"2020-03-15T01:30:17","date_gmt":"2020-03-14T20:00:17","guid":{"rendered":"https:\/\/www.pethuraj.com\/blog\/?p=7"},"modified":"2021-05-25T19:36:51","modified_gmt":"2021-05-25T14:06:51","slug":"how-i-earned-800-for-host-header-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/","title":{"rendered":"How I earned $800 for Host Header Injection Vulnerability"},"content":{"rendered":"\n<p>HTTP response header injection vulnerabilities arise when user-supplied data is reflected into a response header in an unsafe way.<\/p>\n\n\n\n<p>The Host header specifies which website or web application should process an incoming HTTP request. When a Host header attack is possible, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.<\/p>\n\n\n\n<p>In short, the Host header tells the web application which site an incoming HTTP request is meant for.<\/p>\n\n\n\n<p>Host header attacks pose many risks and enable various attack vectors, namely:<br>\u2981 password reset poisoning \/ invite feature poisoning<br>\u2981 cache poisoning<br>\u2981 access to other internal hosts\/applications<br>\u2981 XSS, etc.<\/p>\n\n\n\n<p>TIP<\/p>\n\n\n\n<p>If the website works with an arbitrary Host header, the client can modify the Host header to contain anything. This can introduce a security issue if the Host header is then used within the application, for example to build the password reset link.<\/p>\n\n\n\n<p>Attack Scenario:<\/p>\n\n\n\n<p>\u2981 The attacker sends a password reset request for another user, with the Host header in the request changed to a malicious site.<br>\u2981 The user receives a password reset email, clicks the link and is taken to the malicious site.<br>\u2981 In this way, an attacker can obtain a valid password reset token for any user.<\/p>\n\n\n\n<p>I found this vulnerability in a private program on the Bugcrowd platform. 
I started by testing for vulnerabilities such as XSS, CSRF, etc. Interestingly, the application accepted an arbitrary Host header, so I decided to test for Cache Poisoning on the password reset endpoint.<\/p>\n\n\n\n<p>I\u2019ve explained below how to reproduce Host Header Injection to poison the password reset link and take over accounts.<\/p>\n\n\n\n<p>Writeup<\/p>\n\n\n\n<p>The password reset page looks like this.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"821\" height=\"365\" src=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset.png\" alt=\"\" class=\"wp-image-9\" srcset=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset.png 821w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-300x133.png 300w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-768x341.png 768w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-359x160.png 359w\" sizes=\"(max-width: 821px) 100vw, 821px\" \/><\/figure>\n\n\n\n<p>Now, enter the email address to reset the password, fire up Burp Suite to intercept the traffic, and click Reset Password.<\/p>\n\n\n\n<figure class=\"wp-block-gallery columns-1 is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" width=\"1024\" height=\"475\" src=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1-1024x475.png\" alt=\"\" data-id=\"10\" data-full-url=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1.png\" data-link=\"https:\/\/www.pethuraj.com\/blog\/?attachment_id=10\" class=\"wp-image-10\" srcset=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1-1024x475.png 1024w, 
https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1-300x139.png 300w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1-768x357.png 768w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1-359x167.png 359w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-burp-1.png 1215w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/li><\/ul><\/figure>\n\n\n\n<p>Now, in Burp Suite, capture the request and change the Host header of the HTTP request from the original host to any site you wish. I\u2019ve used google.com as an example below.<\/p>\n\n\n\n<p>As you can see in the screenshot above, the Host header has been changed to a malicious site. Forward the request; once it has been passed to the application, the attack triggers.<\/p>\n\n\n\n<p>An email containing the password reset link will be sent to the user.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"192\" src=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-link-sent-successfully-1024x192.png\" alt=\"\" class=\"wp-image-11\" srcset=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-link-sent-successfully-1024x192.png 1024w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-link-sent-successfully-300x56.png 300w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-link-sent-successfully-768x144.png 768w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-link-sent-successfully-359x67.png 359w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/password-reset-link-sent-successfully.png 1296w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>As you can see, the password reset email the user receives contains the poisoned password reset 
link.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"888\" height=\"246\" src=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/successful-Password-reset-link.jpg\" alt=\"\" class=\"wp-image-12\" srcset=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/successful-Password-reset-link.jpg 888w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/successful-Password-reset-link-300x83.jpg 300w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/successful-Password-reset-link-768x213.jpg 768w, https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/successful-Password-reset-link-359x99.jpg 359w\" sizes=\"(max-width: 888px) 100vw, 888px\" \/><\/figure>\n\n\n\n<p>This allowed me to steal the user\u2019s password reset token.<\/p>\n\n\n\n<p>For reporting this vulnerability responsibly, I was awarded $800 \ud83d\udcb0<\/p>\n\n\n\n<p>References:<\/p>\n\n\n\n<p><a href=\"https:\/\/portswigger.net\/kb\/issues\/00200200_http-response-header-injection\">https:\/\/portswigger.net\/kb\/issues\/00200200_http-response-header-injection<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.acunetix.com\/blog\/articles\/automated-detection-of-host-header-attacks\/\">https:\/\/www.acunetix.com\/blog\/articles\/automated-detection-of-host-header-attacks\/<\/a><\/p>\n\n\n\n<p>Thanks for reading this article. 
Stay tuned for more Bug bounty &amp; Pentesting tutorials!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HTTP response header injection vulnerabilities arise when user-supplied data is reflected into a response header in an unsafe way. 
The host header specifies which website<\/p>\n","protected":false},"author":1,"featured_media":13,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2],"class_list":["post-7","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-host-header-injection"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How I earned $800 for Host Header Injection Vulnerability - Pethuraj&#039;s Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How I earned $800 for Host Header Injection Vulnerability - Pethuraj&#039;s Blog\" \/>\n<meta property=\"og:description\" content=\"HTTP response header injection vulnerabilities arise when user-supplied data is reflected into a response header in an unsafe way. 
The host header specifies which website\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Pethuraj&#039;s Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-14T20:00:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-25T14:06:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/host-header.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Pethuraj\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/person\\\/6753ae21567c179c4592cb8ed33406aa\"},\"headline\":\"How I earned $800 for Host Header Injection Vulnerability\",\"datePublished\":\"2020-03-14T20:00:17+00:00\",\"dateModified\":\"2021-05-25T14:06:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/\"},\"wordCount\":446,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/host-header.png\",\"keywords\":[\"Host Header Injection\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/\",\"name\":\"How I earned $800 for Host Header Injection Vulnerability - Pethuraj&#039;s 
Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/host-header.png\",\"datePublished\":\"2020-03-14T20:00:17+00:00\",\"dateModified\":\"2021-05-25T14:06:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/host-header.png\",\"contentUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/host-header.png\",\"width\":800,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/how-i-earned-800-for-host-header-injection-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How I earned $800 for Host Header Injection Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/\",\"name\":\"Pethuraj&#039;s Blog\",\"description\":\"Bug Bounty 
Writeups\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#organization\",\"name\":\"Pethuraj&#039;s Blog\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/pethuraj.png\",\"contentUrl\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/pethuraj.png\",\"width\":949,\"height\":268,\"caption\":\"Pethuraj&#039;s 
Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/#\\\/schema\\\/person\\\/6753ae21567c179c4592cb8ed33406aa\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/pethuraj.com\\\/blog\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/pethu\\\/\",\"https:\\\/\\\/x.com\\\/Pethuraj\"],\"url\":\"https:\\\/\\\/www.pethuraj.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How I earned $800 for Host Header Injection Vulnerability - Pethuraj&#039;s Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"How I earned $800 for Host Header Injection Vulnerability - Pethuraj&#039;s Blog","og_description":"HTTP response header injection vulnerabilities arise when user-supplied data is reflected into a response header in an unsafe way. 
The host header specifies which website","og_url":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/","og_site_name":"Pethuraj&#039;s Blog","article_published_time":"2020-03-14T20:00:17+00:00","article_modified_time":"2021-05-25T14:06:51+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/host-header.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@Pethuraj","twitter_misc":{"Written by":"admin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/"},"author":{"name":"admin","@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/person\/6753ae21567c179c4592cb8ed33406aa"},"headline":"How I earned $800 for Host Header Injection Vulnerability","datePublished":"2020-03-14T20:00:17+00:00","dateModified":"2021-05-25T14:06:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/"},"wordCount":446,"publisher":{"@id":"https:\/\/www.pethuraj.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/host-header.png","keywords":["Host Header Injection"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/","url":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/","name":"How I earned $800 for Host Header Injection Vulnerability - Pethuraj&#039;s 
Blog","isPartOf":{"@id":"https:\/\/www.pethuraj.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/host-header.png","datePublished":"2020-03-14T20:00:17+00:00","dateModified":"2021-05-25T14:06:51+00:00","breadcrumb":{"@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#primaryimage","url":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/host-header.png","contentUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2020\/09\/host-header.png","width":800,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.pethuraj.com\/blog\/how-i-earned-800-for-host-header-injection-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pethuraj.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How I earned $800 for Host Header Injection Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.pethuraj.com\/blog\/#website","url":"https:\/\/www.pethuraj.com\/blog\/","name":"Pethuraj&#039;s Blog","description":"Bug Bounty 
Writeups","publisher":{"@id":"https:\/\/www.pethuraj.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pethuraj.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pethuraj.com\/blog\/#organization","name":"Pethuraj&#039;s Blog","url":"https:\/\/www.pethuraj.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/05\/pethuraj.png","contentUrl":"https:\/\/www.pethuraj.com\/blog\/wp-content\/uploads\/2021\/05\/pethuraj.png","width":949,"height":268,"caption":"Pethuraj&#039;s Blog"},"image":{"@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.pethuraj.com\/blog\/#\/schema\/person\/6753ae21567c179c4592cb8ed33406aa","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/62aeafbe8da471ade35eb14bbbac3f6c7206b2574d0889bd6b1128fb61ca5644?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/pethuraj.com\/blog","https:\/\/www.linkedin.com\/in\/pethu\/","https:\/\/x.com\/Pethuraj"],"url":"https:\/\/www.pethuraj.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts\/7","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author
":[{"embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":11,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":303,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/posts\/7\/revisions\/303"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/media\/13"}],"wp:attachment":[{"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pethuraj.com\/blog\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}