This issue is blocking the next release
Access to this issue is restricted, which means only users with access to internal issues can see this issue.
This issue has been closed with status "Investigating" and resolution "Not determined".
Since the application does not validate the value of this header, an attacker can inject an “X-Forwarded-Host” header in order to redirect the response to another domain.
How to reproduce
- Log in to the TBG application with any valid user and perform a search; then save it.
- Fill out the fields with any value and click on the “Save search” button.
- Intercept the request with any proxy tool and add the following header: X-Forwarded-Host: attacker.com.
- Click on the “Run to Completion” button to proceed with the request.
- A 200 OK response is received, proving that it is possible to inject the header in the request.
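The fix for this class of issue is to never build absolute URLs (redirects, links in generated pages) from a host value the client controls. The following is an added example written for this report, not code from The Bug Genie: it honours X-Forwarded-Host only when the request arrives from a configured reverse proxy, checks the resulting host against an explicit allow list, and exposes a mismatch check that can be used as a log/detection signal. The host names and proxy address are constructed sample values.

```python
"""Added example (not The Bug Genie's own code): derive the host used for
generated URLs from an allow list, so a forged X-Forwarded-Host header
sent by a client cannot steer redirects to another domain."""

# Host names this deployment is actually served under (constructed sample values).
ALLOWED_HOSTS = {"bugs.example.com"}
# Reverse proxies whose X-Forwarded-* headers are trusted (constructed sample value).
TRUSTED_PROXIES = {"10.0.0.5"}


class UntrustedHostError(ValueError):
    """Raised when no acceptable host can be derived from the request."""


def _normalize(host):
    # Lower-case, trim, drop a default port, and reject anything that is not a plain host[:port].
    host = host.strip().lower()
    if not host or any(c in host for c in " /\\@#?"):
        raise UntrustedHostError(f"malformed host header: {host!r}")
    if host.endswith(":80") or host.endswith(":443"):
        host = host.rsplit(":", 1)[0]
    return host


def effective_host(headers, remote_addr):
    """Return the host to use in generated URLs.

    headers: dict of request headers (matched case-insensitively here).
    remote_addr: IP address of the peer that connected to the application.
    X-Forwarded-Host is used only when the peer is a trusted proxy; the
    resulting host must be on the allow list, otherwise UntrustedHostError is raised.
    """
    h = {k.lower(): v for k, v in headers.items()}
    candidate = h.get("host", "")
    if remote_addr in TRUSTED_PROXIES and "x-forwarded-host" in h:
        # A proxy chain may append several values; the first is the client-facing one.
        candidate = h["x-forwarded-host"].split(",")[0]
    host = _normalize(candidate)
    if host not in ALLOWED_HOSTS:
        raise UntrustedHostError(f"host {host!r} is not in the allow list")
    return host


def build_redirect(headers, remote_addr, path, scheme="https"):
    """Absolute URL for a Location header, built from the validated host only."""
    if not path.startswith("/") or path.startswith("//"):
        raise ValueError("path must be site-relative")
    return f"{scheme}://{effective_host(headers, remote_addr)}{path}"


def forwarded_host_mismatch(headers, remote_addr):
    """True when the request carries an X-Forwarded-Host that would not be
    honoured: either sent by an untrusted peer or naming a host outside the
    allow list. Useful as a detection signal for header-injection attempts."""
    h = {k.lower(): v for k, v in headers.items()}
    fwd = h.get("x-forwarded-host")
    if fwd is None:
        return False
    if remote_addr not in TRUSTED_PROXIES:
        return True
    try:
        return _normalize(fwd.split(",")[0]) not in ALLOWED_HOSTS
    except UntrustedHostError:
        return True


if __name__ == "__main__":
    # Constructed request resembling the report: the forged header arrives directly from a client.
    forged = {"Host": "bugs.example.com", "X-Forwarded-Host": "attacker.com"}
    print(build_redirect(forged, "203.0.113.7", "/search/saved"))
    print("suspicious header:", forwarded_host_mismatch(forged, "203.0.113.7"))
```

With the forged request coming straight from a client, the header is ignored and the redirect stays on the allow-listed host; the same header relayed by the trusted proxy is rejected outright because attacker.com is not on the allow list, and the mismatch check flags both cases for logging.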
Type of bug: Not triaged
Affected by this issue: 0
Times and dates
Estimated time: No time estimated
Time spent: No time spent
Unknown Not determined