URL redirect via host header manipulation

Hi,


Does anyone experience vulnerability issues with host header manipulation for OutSystems web applications? If yes, can you share some ideas on how to perform a remedy or fix for this?


The 'Host' header in the HTTP request can cause the application to be redirected to another site or force it to behave in unexpected ways.



Hi Hanz,

You can read the question and answers at this link: https://security.stackexchange.com/questions/163049/exploiting-http-redirect-function-via-the-host-header

OutSystems always uses SSL (https) for its connections, which makes it most likely that the second answer on the referenced forum is valid in this case.

"You cannot send a custom Host header from the browser which means that you cannot exploit this by using a browser alone. And, since HTTPS is used you cannot mount a man in the middle attack to modify the Host header of an existing request. But even if HTTPS would not be used you gain not really anything new by modifying the Host header in the request since as a man in the middle you could already modify the Location header in the response anyway.

In summary, I doubt that the problem you've found can be used for anything malicious, at least not when using the browser as a client."

Hope this answers your doubts.

Kind regards,

Remco Dekkinga

Hi Remco,


My client's security team uses the Burp Suite app to change the hostname in our application. It shows the same issue as in the link you sent above.


Thank you,

Hanz
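The remedy asked for in the opening post, shown as an added example that is not part of this thread and not OutSystems platform code: a redirect that copies the request's Host header into the Location URL (the pattern a Burp-modified Host reveals) next to a hardened version that only ever uses a configured allowlist of hostnames. The hostnames, `ALLOWED_HOSTS` and `CANONICAL_HOST` are constructed placeholders; in a real deployment they come from configuration, never from the request.

```python
from typing import Set

# Constructed allowlist of hostnames the application is genuinely served on.
# Assumption: loaded from configuration, not derived from any request header.
ALLOWED_HOSTS: Set[str] = {"app.example.com", "app-staging.example.com"}
CANONICAL_HOST = "app.example.com"


def host_is_trusted(host_header: str) -> bool:
    """Return True only if the Host header names a host we actually serve.

    An optional port is stripped before comparison. Anything that is not a
    plain allowlisted hostname (unknown host, IPv6 literal, empty value)
    is treated as untrusted. This same check can be run over access logs
    to spot requests carrying a tampered Host value.
    """
    host = host_header.split(":", 1)[0].strip().lower()
    return host in ALLOWED_HOSTS


def unsafe_redirect_url(host_header: str, path: str) -> str:
    """Vulnerable pattern: the absolute URL for the Location header is built
    from whatever Host value the client sent, so a modified Host header ends
    up in the redirect target."""
    return f"https://{host_header}{path}"


def safe_redirect_url(host_header: str, path: str) -> str:
    """Hardened pattern: the hostname comes from the allowlist or, if the
    request's Host is not trusted, from the configured canonical host. The
    path is forced to be a same-site relative path so that values such as
    '//evil.example/x' or '/\\evil.example' cannot turn it into a new origin."""
    host = host_header.split(":", 1)[0].strip().lower()
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    if not path.startswith("/") or path.startswith("//") or path.startswith("/\\"):
        path = "/"
    return f"https://{host}{path}"


if __name__ == "__main__":
    tampered = "evil.example"  # constructed value, as a proxy might inject
    print("unsafe:", unsafe_redirect_url(tampered, "/login"))
    print("safe:  ", safe_redirect_url(tampered, "/login"))
```

Rejecting the request outright with a 400 when `host_is_trusted` is False is an equally valid choice; the fallback to the canonical host above is just the least disruptive option.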