Host Header Injection – atutorv2.2.4 – Full Disclosure

by Joe-W · January 27, 2025

Posted by Andrey Stoykov on Jan 27

# Exploit Title: Host Header Injection – atutorv2.2.4
# Date: 01/2025
# Exploit Author: Andrey Stoykov
# Version: 2.2.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html

Description:

– It was found that the application had a Host Header Injection
vulnerability.

Host Header Injection #1:

Steps to Reproduce:

1. Visit specific page of the application
2. Intercept the HTTP GET/POST…
– Read More – Full Disclosure