CVE-2022–31458.

RTX TRAP v1.0 was discovered to be vulnerable to Host Header Poisoning.

Discovered by: Shifa Cyclewala & Rohit Gautam from Hacktify Cyber Security.

Reference:
https://www.acunetix.com/vulnerabilities/web/host-header-attack/

What is Host Header Poisoning?

Host header poisoning is a web application security vulnerability that occurs when an attacker manipulates the Host header in an HTTP request to exploit the application’s trust in this header. The Host header is used by web servers to determine which website or virtual host the request is intended for.

Bug Description:

An attacker is able to perform host header poisoning in RTX TRAP v1.0 by supplying an attacker-controlled host header and making the application redirect to an attacker-controlled domain

Steps to Reproduce:

Step1 : Go to this https://example.com capture the request.

Step2 : Then modify the Host to Attacker Controlled Domain and the application will make a redirect to attacker controlled domain name

LinkedIn:
https://www.linkedin.com/in/shifa
https://www.linkedin.com/in/iamrohitg

Thank you
Shifa Cyclewala & Rohit Gautam from Hacktify Cyber Security