嘗試查看伺服器(在測試實驗室中)是否容易受到主機標頭注入的攻擊。在第二種情況下,我將主機頭插入為“www.cow.com”,仍然得到 302 Found。這是否意味著這很容易受到主機注入的影響?如果不是,我會看到 404 not found 嗎?
場景一:
kali01:~$ curl -v http://10.10.10.10/login.html
* Trying 10.10.10.10:80...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 80 (#0)
> GET /login.html HTTP/1.1
> Host: 10.10.10.10
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Location: https://10.10.10.10:443/login.html
< Connection: close
< Strict-Transport-Security: max-age=15552000, preload
< X-Frame-Options: DENY
< Content-Length: 0
- 場景2:
當主機頭www.cow.com插入後,我仍然得到 302 Found。
kali01:~$ curl -H "Host:www.cow.com" -v http://10.10.10.10/login.html
* Trying 10.10.10.10:80...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 80 (#0)
> GET /login.html HTTP/1.1
> Host:www.cow.com
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Location: https://www.cow.com:443/login.html
< Connection: close
< Strict-Transport-Security: max-age=15552000, preload
< X-Frame-Options: DENY
< Content-Length: 0
<
* Closing connection 0