According to the RFC 2616 standard, the ‘Host’ header is mandatory in an HTTP request. It indicates the host and, if applicable, the port of the requested resource, as in a URL.
In practical terms, this header allows the server to correctly redirect the request to the right site, particularly when several domain names share the same IP address. The value of the Host header generally corresponds to the domain name in the URL.
A simple line break seems harmless when thinking about a web application. However, if poorly managed, it can open the door to serious attacks.
This is precisely the case with CRLF injections, an often underestimated vulnerability that involves inserting end-of-line control characters into requests or responses.
Deserialisation vulnerabilities are often difficult to exploit. In most cases, you need access to the source code to identify the available classes or libraries used. This allows you to choose a suitable gadget chain or build a new one.
However, access to the source code is not always possible. It generally requires high privileges or the prior exploitation of another vulnerability.
As part of our internal penetration tests, we regularly encounter AD CS (Active Directory Certificate Services) infrastructures deployed on corporate networks.
This component always catches our attention, as inadequate configuration can quickly pave the way for total compromise of the Active Directory domain.
On many web applications, the option of uploading files is a standard feature.
Whether it’s adding a profile photo or sending a document, file upload simplifies user interaction. But this functionality is not without risks.
To improve the display speed of web pages and lighten server loads, many companies rely on caching mechanisms.
This system enables frequently requested resources (such as images, scripts or HTML pages) to be stored temporarily, so that they can be served up more quickly on subsequent requests.
