Host header attack vulnerability exists in Lightcms 2.0 . An attacker can use man in the middle attack to attack users such as phishing

Question

Host header attack vulnerability exists in Lightcms 2.0 . An attacker can use man in the middle attack to attack users such as phishing

eexp opened this issue a year ago · comments

The system does not verify the host value. If the host value is modified, the link returned by the website will splice the malicious host value。like this：

And the header Referer does not verify the value too. we can jump any website and xss

Jianhua Sun · Answer 1 · Thu Apr 27 2023 14:56:33 GMT+0800 (China Standard Time)

https://portswigger.net/web-security/host-header