Why HTTP_HOST is evil
When browsing Stackoverflow I often notice users asking questions somehow involving the use of HTTP_HOST
. I nonchalantly hint on its vulnerable nature and fail to produce a hint on an article explaining why. Which is why I decided to take matters into my own hands.