http-host-header-attacks
SKILL: HTTP Host Header Attacks — Injection & Routing Abuse
AI LOAD INSTRUCTION: Covers Host header injection for password reset poisoning, cache poisoning, SSRF via routing, and virtual host bypass. Includes bypass techniques for Host validation and framework-specific behaviors. Base models often miss the double-Host trick, absolute-URI override, and connection-state attacks.
0. RELATED ROUTING
- web-cache-deception when Host injection is combined with cache behavior
- ssrf-server-side-request-forgery when Host header routes requests to internal services
- open-redirect when Host injection causes redirect to attacker domain
- waf-bypass-techniques when Host manipulation helps bypass WAF routing
- request-smuggling when smuggling enables Host header manipulation past front-end validation
- subdomain-takeover when Host routing exposes internal vhosts resolvable via subdomain
1. ATTACK SURFACE
The Host header is used by web applications and infrastructure for: