Tagged articles
5 articles
vivo Internet Technology
Mar 8, 2023 · Information Security

Web Cache Poisoning and HTTP Request Smuggling: Principles, Attack Scenarios, and Defenses

The article explains how misconfigured caches and inconsistent front‑end/back‑end parsing enable web cache poisoning and HTTP request smuggling attacks, illustrates practical exploitation scenarios, and recommends disabling caching, unifying request‑boundary logic, and adopting HTTP/2 or strict configurations to defend against these high‑impact threats.

Defense Strategies · HTTP request smuggling · Request Smuggling
0 likes · 16 min read
Laravel Tech Community
Feb 6, 2022 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains the purpose of the HTTP Host header, how Host header attacks arise when the header is trusted or altered, demonstrates exploitation techniques such as modifying, duplicating, or injecting alternative header fields, and provides mitigation strategies to protect web applications.

Attack Techniques · HTTP Host header · SSRF
0 likes · 19 min read
Programmer DD
Jan 14, 2022 · Information Security

Exploiting HTTP Host Header: From Password Reset Poisoning to SSRF

This article explains the purpose of the HTTP Host header, how Host header attacks work, methods to discover and exploit them—including password‑reset poisoning, cache poisoning, access‑control bypass, and SSRF—and provides practical mitigation techniques for developers and security teams.

HTTP Host header · SSRF · Web Security
0 likes · 20 min read
System Architect Go
Mar 6, 2021 · Information Security

Understanding and Exploiting HTTP Host Header Attacks

This article explains how misconfigured HTTP Host headers can be abused for attacks such as cache poisoning, SSRF, password‑reset poisoning and other server‑side exploits, and provides practical detection methods and defensive recommendations for developers and security engineers.

HTTP · Host header · SSRF
0 likes · 26 min read
Baidu Tech Salon
Apr 15, 2014 · Information Security

Web Traffic Hijacking: Risks, Techniques, and Defenses

Web traffic hijacking exploits the plaintext nature of HTTP to inject malicious scripts, steal cookies and saved passwords, poison caches or offline storage, bypass HTTPS redirects, and even compromise downloads, making unauthenticated browsing, auto‑fill features, and public Wi‑Fi especially dangerous without proper defenses.

HTTPS · Traffic Hijacking · Web Security
0 likes · 27 min read