WRITEUP #4923

How I was able to take over any users account with host header injection

OtherHost header injection

by@evilboyajay(Ajay Gautam)

Bounty

900

Program

Published

Jan 23, 2020

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://medium.com/nassec-cybersecurity-writeups/how-i-was-able-to-take-over-any-users-account-with-host-header-injection-546fff6d0f2

▸ RELATED WRITEUPS

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

OtherSSTI

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Built with ❤️ by Shubham Rawat