lang:

PHP

regex:

_SERVER\[\s*('|")HTTP_HOST('|")\s*\]

description:

HTTP_HOST is remotely set via Host Header and poor usage often leads to injection or redirection attacks.
tags:
header injection
results