Recently we identified an issue with one of our application URLs. The URL is vulnerable to Host Header Injection: by supplying a malicious Host header, it is possible to alter the absolute links the application generates (password-reset emails, redirects and any other component that builds URLs from the request's host).
For example, if your application URL is 'abc.xyz.com', an attacker can change the Host header in the client request to 'hack.url.com', and every link the application derives from that header will point at 'hack.url.com'.
Fix: To avoid this, add the RewriteCond and RewriteRule directives shown below inside the VirtualHost so that any request whose Host header does not match the target domain is rejected with 403 Forbidden.
httpd.conf:
<VirtualHost *:7004>
    ServerName abc.xyz.com
    ServerAlias abc.xyz.com
    RewriteEngine on
    RewriteOptions inherit
    # Forbid (403) every request whose Host header is not exactly the target domain.
    # The condition is negated (!), the dots are escaped so they match a literal '.',
    # the listening port is allowed after the name, and the pattern is anchored at both ends
    # so that 'abc.xyz.com.hack.url.com' does not pass as a prefix match.
    RewriteCond %{HTTP_HOST} !^abc\.xyz\.com(:7004)?$ [NC]
    RewriteRule ^(.*)$ - [F,L]
</VirtualHost>
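To see why the exact shape of the RewriteCond pattern matters, the following added example (not part of the original post, and an emulation of the directive's matching logic rather than Apache's own rewrite engine) runs a set of constructed Host header values through two patterns: the unescaped, end-unanchored '^abc.xyz.com' and the hardened '^abc\.xyz\.com(:7004)?$'. It also contrasts a link builder that trusts the Host header with one that only emits the canonical ServerName. The sample hosts, the reset path and the token value are constructed for illustration.

```python
import re

# Constructed sample Host header values, as a server behind this VirtualHost might see them.
SAMPLE_HOSTS = [
    "abc.xyz.com",               # legitimate
    "abc.xyz.com:7004",          # legitimate, with the listening port
    "ABC.XYZ.COM",               # legitimate, different case
    "hack.url.com",              # attacker-supplied value from the post
    "abc.xyz.com.hack.url.com",  # passes a prefix-only match
    "abcxxyzxcom",               # passes when '.' is left unescaped
]

# Pattern exactly as written in the unhardened config: dots unescaped, no end anchor.
ORIGINAL_PATTERN = r"^abc.xyz.com"
# Hardened pattern: escaped dots, optional listening port, anchored at both ends.
HARDENED_PATTERN = r"^abc\.xyz\.com(:7004)?$"

# Canonical host the application should use when it builds absolute links.
CANONICAL_HOST = "abc.xyz.com"


def rewritecond_matches(host: str, pattern: str, nocase: bool = False) -> bool:
    """Emulate 'RewriteCond %{HTTP_HOST} <pattern>': a regex search against the header value."""
    flags = re.IGNORECASE if nocase else 0
    return re.search(pattern, host, flags) is not None


def request_rejected(host: str, pattern: str, negated: bool, nocase: bool = False) -> bool:
    """Return True when 'RewriteRule ^(.*)$ - [F,L]' would fire, i.e. the request gets a 403.

    negated=True models a leading '!' on the CondPattern; nocase=True models the [NC] flag.
    """
    matched = rewritecond_matches(host, pattern, nocase)
    return (not matched) if negated else matched


def build_reset_link(host_header: str, path: str = "/reset?token=EXAMPLE") -> str:
    """Vulnerable: the absolute URL is derived from the client-controlled Host header."""
    return f"https://{host_header}{path}"


def build_reset_link_safe(host_header: str, path: str = "/reset?token=EXAMPLE") -> str:
    """Hardened: refuse untrusted hosts and always emit the canonical ServerName."""
    if request_rejected(host_header, HARDENED_PATTERN, negated=True, nocase=True):
        raise ValueError(f"untrusted Host header: {host_header!r}")
    return f"https://{CANONICAL_HOST}{path}"


def evaluate(pattern: str, negated: bool, nocase: bool = False) -> dict:
    """Map each sample host to whether it would be rejected under the given condition."""
    return {h: request_rejected(h, pattern, negated, nocase) for h in SAMPLE_HOSTS}


if __name__ == "__main__":
    print("Condition as first written (no '!'):")
    for host, rejected in evaluate(ORIGINAL_PATTERN, negated=False).items():
        print(f"  {host:28} -> {'403' if rejected else 'allowed'}")
    print("Negated but still unescaped/unanchored:")
    for host, rejected in evaluate(ORIGINAL_PATTERN, negated=True).items():
        print(f"  {host:28} -> {'403' if rejected else 'allowed'}")
    print("Hardened condition:")
    for host, rejected in evaluate(HARDENED_PATTERN, negated=True, nocase=True).items():
        print(f"  {host:28} -> {'403' if rejected else 'allowed'}")
    print("Poisoned link:", build_reset_link("hack.url.com"))
    print("Safe link:    ", build_reset_link_safe("abc.xyz.com:7004"))
```

Without the leading '!' the rule forbids the legitimate host and lets 'hack.url.com' through; with the negation but no escaping or end anchor, 'abc.xyz.com.hack.url.com' and 'abcxxyzxcom' are still accepted. Only the escaped, anchored, negated pattern rejects everything except the target domain, and the link builder should still use the configured ServerName rather than echo the header back.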
Nice....... It helps me a lot.