Support #13280

[SCP ID :##6481##] : VAPT Findings - BIF-102375 - Host Injection Weakness

Added by Zahir Abd Latif almost 2 years ago. Updated almost 2 years ago.

Status: Closed - End of life cycle
Start date: October 26, 2022
Priority: Normal
Due date:
Assignee: Zahir Abd Latif
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

Description:

Testing of the BIFAST application shows that the application has a weakness in its handling of HOST information, which does not yet enforce any restrictions.

Target Site:

https://10.170.136.228/bifast-portal/

Recommendation:

We recommend implementing prevention measures on the Host side. Reference: https://portswigger.net/web-security/host-header

2. Kelemahan Host Injection.png (70.2 KB) Zahir Abd Latif, October 26, 2022 19:22

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

  • Status changed from New - Begin Life Cycle to User Acceptance Test
  • Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
  • % Done changed from 0 to 100

provide feedback 31 Oct 2022
Insert the following lines in between <VirtualHost:80>
ServerName StagingApacheWebServer IPAddress
ServerAlias StagingApacheWebServer IPAddress
DocumentRoot "/etc/httpd"

Restart Apache
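
An added example, not part of the ticket or the feedback above: one way to make Apache 2.4 refuse requests whose Host header is not an expected name, by placing a deny-all catch-all virtual host ahead of the named one. The names `default.invalid` and `portal.example.internal`, the address `192.0.2.10` and the path `/var/www/portal` are placeholders assumed for illustration.

```apache
# Constructed example. All hostnames, addresses and paths are placeholders.

# 1) Catch-all virtual host.
#    When the Host header matches no ServerName or ServerAlias, Apache
#    serves the FIRST virtual host defined for that address:port.
#    Defining a deny-all host first means an unexpected Host value never
#    reaches the application.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# 2) The real site, reachable only under its expected names.
<VirtualHost *:80>
    # Expected hostname (placeholder)
    ServerName portal.example.internal
    # Expected IP literal, if clients browse by address (placeholder)
    ServerAlias 192.0.2.10

    # Build self-referential URLs (redirects, SERVER_NAME) from ServerName
    # instead of echoing the client-supplied Host header.
    UseCanonicalName On

    # Placeholder content directory
    DocumentRoot "/var/www/portal"
</VirtualHost>
```

The ticket's target is served over HTTPS, so the same pair of virtual hosts is needed on the 443 listener as well. After the restart, a request such as `curl -i -H "Host: unexpected.example" http://192.0.2.10/` should come back with 403 rather than the portal page.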

#2 Updated by Zahir Abd Latif almost 2 years ago

  • Status changed from User Acceptance Test to Closed - End of life cycle

Issue closed in SCP.
