Lab: Host header authentication bypass


This lab makes an assumption about the privilege level of the user based on the HTTP Host header.

To solve the lab, access the admin panel and delete Carlos's account.
