Skip to content

Host header attack vulnerability exists in fuel CMS 1.5.0. An attacker can use man in the middle attack to attack users such as phishing. #580

Closed
@bunneyOps

Description

@bunneyOps

The system does not verify the host value. If the host value is modified, the link returned by the website will splice the malicious host value。like this:
微信截图_20210806095405
微信截图_20210806095532

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions