Submitted by Editorial_Staff_Team on Sat, 09/03/2016 - 15:37
Parse HTTP Host Header Attack - Redirect Bug
The Vulnerability Laboratory core research team (SaifAllah benMassaoud) discovered an HTTP Host header attack (injection and redirection) via X-Forwarded-Host in the official Parse online service web application. The host header can be changed to something outside the target domain, causing the application to redirect to an attacker's malicious site. The HTTP Host header attack (injection and redirection) via X-Forwarded-Host is located in the GET request handling of the `/user_session/new/` and `/account/plan/` modules.
The attack targets caching systems (storing a page generated with a malicious Host value and serving it to other users) and alternative channels such as password-reset e-mails, where the poisoned content is delivered directly to the target; the Host payload is injected via a GET request. Successful exploitation results in session hijacking, persistent phishing attacks, persistent external redirects to malicious sources and persistent manipulation of affected or connected application modules.
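To make the defect concrete, the following added example (not Parse's code, and not part of the original advisory) shows the pattern behind this class of bug in plain Node.js: a redirect or e-mail link built from `X-Forwarded-Host` or `Host` without validation, beside a hardened version that only accepts a hostname from an allowlist and otherwise falls back to the canonical host. The allowlist, the `attacker.invalid` hostname and the request headers are constructed for illustration; the `/user_session/new/` path is taken from the advisory.

```javascript
// Added example, not Parse's code. Demonstrates how a redirect target built
// from X-Forwarded-Host / Host can be steered off-domain, and an allowlist
// check that prevents it. Node.js, no dependencies.

// Assumption: the site is served only under these hostnames.
const ALLOWED_HOSTS = new Set(["www.example.com", "example.com"]);
const CANONICAL_HOST = "www.example.com";

// Vulnerable pattern: trusts X-Forwarded-Host (then Host) when building an
// absolute URL for a redirect or a link in an e-mail. Anything a client or a
// misconfigured proxy puts in those headers ends up in the URL.
function buildRedirectUnsafe(headers, path) {
  const host = headers["x-forwarded-host"] || headers["host"];
  return `https://${host}${path}`;
}

// Pick the first header-supplied hostname that is on the allowlist.
// X-Forwarded-Host may be a comma-separated chain when several proxies
// append to it, and either header may carry a ":port" suffix.
function resolveHost(headers, allowed = ALLOWED_HOSTS, canonical = CANONICAL_HOST) {
  const candidates = [];
  if (headers["x-forwarded-host"]) {
    for (const h of headers["x-forwarded-host"].split(",")) candidates.push(h.trim());
  }
  if (headers["host"]) candidates.push(headers["host"].trim());
  for (const raw of candidates) {
    const hostname = raw.split(":")[0].toLowerCase();
    if (allowed.has(hostname)) return hostname;
  }
  // Nothing trustworthy in the request: never echo it back, use the fixed host.
  return canonical;
}

// Hardened pattern: hostname comes from the allowlist, and the path must be
// site-relative (a leading "//" would otherwise become a protocol-relative URL).
function buildRedirectSafe(headers, path, allowed = ALLOWED_HOSTS, canonical = CANONICAL_HOST) {
  const safePath = path.startsWith("/") && !path.startsWith("//") ? path : "/";
  return `https://${resolveHost(headers, allowed, canonical)}${safePath}`;
}

// Constructed request: Host is legitimate, but the client injected an
// off-domain X-Forwarded-Host, which is what the advisory describes.
const POISONED_REQUEST = {
  host: "www.example.com",
  "x-forwarded-host": "attacker.invalid",
};

function demo() {
  return {
    unsafe: buildRedirectUnsafe(POISONED_REQUEST, "/user_session/new/"),
    safe: buildRedirectSafe(POISONED_REQUEST, "/user_session/new/"),
  };
}

console.log(demo());
```

Running the block prints both URLs: the unsafe builder yields `https://attacker.invalid/user_session/new/`, while the hardened one yields `https://www.example.com/user_session/new/`. The design point is that the header is never used as-is; it is only matched against a fixed set, so a poisoned value can reach neither a cache nor a password-reset e-mail.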
Proof of Concept:
The HTTP Host header attack (injection and redirection) via X-Forwarded-Host can be exploited by remote attackers with a medium-privileged web-application user account. For a security demonstration, or to reproduce the vulnerability, follow the provided information and steps below to
Vulnerability Lab is a security vulnerability research laboratory that detects vulnerabilities, security issues, bugs and bad security practices in software, applications, systems or services, bringing this information to one independent lab from which manufacturers are notified in a professional and timely manner.
Evolution Security (Vulnerability Laboratory) Representative: Benjamin Mejri (Kunz)