Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
Respecting Host Headers
Date: December 02, 2009 10:24AM

I was just reading RSnake's recent DNS Rebinding blog posts where he keeps stating "respect the host header". Does he simply mean to verify that something like $_SERVER['HTTP_HOST'] in a PHP context matches one's domain?

----------------------------------------
I joke about anything that's serious, but I take my joking very seriously.

Re: Respecting Host Headers
Posted by: barbarianbob
Date: December 03, 2009 12:02AM

Yup. Because the victim will end up sending the attacking site's host name to you in HTTP_HOST.

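The check the thread describes, as an added example written for this page (not code from either poster): normalise the Host header and reject the request unless it names one of this site's own hostnames. The allow-list entries and the function names are assumptions.

```php
<?php
// Added example: "respect the host header" as a DNS-rebinding defence.
// Under rebinding the browser still sends the attacker's hostname in Host,
// so a request whose Host is not ours must never be served as ours.
// Assumed allow-list; replace with the site's real hostnames.

function normalize_host(string $host): ?string {
    // Lower-case, strip an optional :port, and accept only a plain hostname.
    // Anything else (empty, IPv6 literal, stray characters) is rejected.
    $host = strtolower(trim($host));
    if (preg_match('/^([a-z0-9.-]+)(:\d{1,5})?$/', $host, $m) !== 1) {
        return null;
    }
    return rtrim($m[1], '.'); // "example.com." == "example.com"
}

function host_is_allowed(string $host, array $allowed): bool {
    // Exact match after normalisation. A substring test such as
    // strpos($host, 'example.com') would accept "example.com.attacker.test".
    $h = normalize_host($host);
    return $h !== null && in_array($h, $allowed, true);
}

function enforce_host_header(array $server, array $allowed): void {
    // $server is $_SERVER in production; passed in so the logic is testable.
    // Run this before anything reads HTTP_HOST to build URLs or set cookies.
    if (!host_is_allowed($server['HTTP_HOST'] ?? '', $allowed)) {
        http_response_code(400);
        header('Content-Type: text/plain');
        echo "Bad Request: unexpected Host header\n";
        exit;
    }
}

// Constructed cases (assumed allow-list):
$allowed = ['www.example.com', 'example.com'];
var_dump(host_is_allowed('www.example.com:8080', $allowed));
var_dump(host_is_allowed('attacker.test', $allowed));
var_dump(host_is_allowed('www.example.com.attacker.test', $allowed));

// In a front controller: enforce_host_header($_SERVER, $allowed);
```

Note that $_SERVER['SERVER_NAME'] is not a safer substitute, since on common configurations it is derived from the same client-supplied Host header; the equivalent web-server-level defence is a catch-all default virtual host that returns an error for unknown names.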