I’m working on a site and I’ve found a few pages that are vulnerable to open redirect: when you add the X-Forwarded-Host: evil.com header, it redirects to evil.com/index.php. Is this really a vulnerability? For this to be executed in the wild, the attacker would need to perform a MITM attack, right? If the attacker was performing MITM, they could redirect the victim to whatever site they want regardless of the vulnerable page, correct?
Is there any way to inject a header without MITM? I tried playing around with line returns and HTTP response splitting. Any advice would be much appreciated.
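
A server-side mitigation for the behaviour described above, as an added example that is not part of the original post: the first function is a pattern that would produce this redirect, the second honours X-Forwarded-Host only from a trusted proxy and only for allowlisted hosts. The host names, proxy address and function names are constructed for illustration, and PHP is assumed from the index.php path.

```php
<?php
// Constructed values: replace with the site's real host names and proxy address.
const ALLOWED_HOSTS   = ['www.example.test', 'example.test']; // first entry is canonical
const TRUSTED_PROXIES = ['10.0.0.5'];

// Pattern that yields the reported behaviour: the redirect host is taken
// from a request header that any client can set.
function redirect_target_vulnerable(array $server, string $path): string
{
    $host = $server['HTTP_X_FORWARDED_HOST'] ?? $server['HTTP_HOST'];
    return 'https://' . $host . $path;
}

// Lower-case the value and drop an optional :port suffix before comparing.
function normalise_host(string $raw): string
{
    return preg_replace('/:\d+$/', '', strtolower(trim($raw))) ?? '';
}

// Hardened form: the header is considered only when the direct peer is a
// trusted proxy, and the result must still match the allowlist exactly.
function redirect_target_hardened(array $server, string $path): string
{
    $candidate = $server['HTTP_HOST'] ?? '';
    $fromProxy = in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
    if ($fromProxy && isset($server['HTTP_X_FORWARDED_HOST'])) {
        $candidate = $server['HTTP_X_FORWARDED_HOST'];
    }
    $host = normalise_host($candidate);
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0]; // fall back to the canonical host
    }
    return 'https://' . $host . $path;
}

// Constructed request: a direct client (not the proxy) sending the header.
$request = [
    'REMOTE_ADDR'           => '203.0.113.7',
    'HTTP_HOST'             => 'www.example.test',
    'HTTP_X_FORWARDED_HOST' => 'evil.com',
];
echo redirect_target_vulnerable($request, '/index.php'), PHP_EOL;
echo redirect_target_hardened($request, '/index.php'), PHP_EOL;
```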