Closed this issue 3 years ago · 0 comments
Host value in HTTP header is not checked. Modifying Host header in HTTP request modifies the all links to an arbitrary value. Included example request, result, and location of bug in the source code.