HTTP HOST header fake

Just a quick tip: if you use the Host: header in your applications, remember not to rely on it anywhere critical to security, because anyone with the know-how can fake it (the client sends it, so the server sees whatever value the request contained). I know that there is some popular blogging software out there... that previously used $_SERVER['HTTP_HOST'] to include a file; if that header is faked, the include is insecure.
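As an added example (not code from the original post or from any particular blogging software), here is the unsafe include pattern the tip alludes to next to a hardened version that only accepts the Host header after checking it against an explicit allowlist; the hostnames and the sites/ directory layout are assumed.

```php
<?php
// Added example: validate the Host header against an allowlist before
// letting it influence anything security-relevant such as a file path.

// Hostnames this deployment actually serves (assumed values).
const ALLOWED_HOSTS = ['blog.example.com', 'www.example.com'];

/**
 * Return the validated host name, or null if the Host header is missing,
 * malformed, or not one of ours. An optional :port suffix is stripped
 * before comparison.
 */
function trustedHost(array $server, array $allowed = ALLOWED_HOSTS): ?string
{
    $raw = (string) ($server['HTTP_HOST'] ?? '');
    // Drop a trailing :port so "blog.example.com:8080" still matches.
    $host = strtolower(preg_replace('/:\d+$/', '', $raw));
    // Accept only plain DNS-style labels: letters, digits, hyphens, dots.
    $label = '[a-z0-9]([a-z0-9-]*[a-z0-9])?';
    if (!preg_match('/^' . $label . '(\.' . $label . ')*$/', $host)) {
        return null;
    }
    return in_array($host, $allowed, true) ? $host : null;
}

// --- Unsafe pattern (do not use): the request header picks the file ---
// include __DIR__ . '/sites/' . $_SERVER['HTTP_HOST'] . '/config.php';

// --- Hardened pattern: the header can only select among known hosts ---
$host = trustedHost($_SERVER);
if ($host === null) {
    http_response_code(400);
    exit('Unknown host');
}
// $host is now guaranteed to be one of ALLOWED_HOSTS, so the path cannot
// be steered anywhere the allowlist does not name.
require __DIR__ . '/sites/' . $host . '/config.php';
```

Note that $_SERVER['SERVER_NAME'] is not a drop-in substitute: with Apache's default UseCanonicalName Off it is also derived from the request's Host header, so the allowlist check is still needed.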
