Host Header Injection -> Authentication Bypass
Host header injection exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. This could lead to authentication bypass.
Exploitation
This webapp is vulnerable to Host Header Injection that will allow us to access an internal admin interface.
We will refresh the page and intercept the request in burpsuite.
Here we are going to replace the host header with localhost to see if we can access an internal server.
As you can see we have accessed the admin interface of the internal server.