source: nikto-2.1.2/plugins/nikto_apache_expect_xss.plugin @ 484

Revision 484, 2.0 KB checked in by sullo, 3 years ago (diff)

2.1.2 branch

[484]1#VERSION,2.02
2# $Id: nikto_apache_expect_xss.plugin 483 2010-07-11 04:19:01Z sullo $
3###############################################################################
4#  Copyright (C) 2008 CIRT, Inc.
5#
6#  This program is free software; you can redistribute it and/or
7#  modify it under the terms of the GNU General Public License
8#  as published by the Free Software Foundation; version 2
9#  of the License only.
10#
11#  This program is distributed in the hope that it will be useful,
12#  but WITHOUT ANY WARRANTY; without even the implied warranty of
13#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14#  GNU General Public License for more details.
15#
16#  You should have received a copy of the GNU General Public License
17#  along with this program; if not, write to the Free Software
18#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
19###############################################################################
20# PURPOSE:
21# Test whether Apache reflects the Expect request header unescaped in its response (XSS)
22###############################################################################
# Plugin registration: builds and returns the metadata hash reference for this
# check. The hooks entry binds nikto_apache_expect_xss() as the method of the
# "scan" hook.
#
# Takes no arguments.
# Returns a hash reference with the keys name, full_name, author, description,
# hooks and copyright.
sub nikto_apache_expect_xss_init {
    # hooks -> scan -> method is a code reference to the check below.
    my %scan_hook = (method => \&nikto_apache_expect_xss);
    my %hooks     = (scan => \%scan_hook);

    # NOTE(review): "apache_export_xss" looks like a typo for
    # "apache_expect_xss" - the check itself passes "apache_expect_xss" to
    # nfetch(). Kept byte-for-byte because the name may be what plugin
    # selection keys on; confirm before renaming.
    return {
        name      => "apache_export_xss",
        full_name => "Apache Expect XSS",
        author    => "Sullo",
        description =>
            "Checks whether the web servers has a cross-site scripting vulnerability through the Expect: HTTP header",
        hooks     => \%hooks,
        copyright => "2008 CIRT Inc.",
    };
}
39
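# Scan hook: issues one GET for "/" carrying a marker <script> element in the
# Expect request header, and records a finding when the response body contains
# that marker verbatim (i.e. the header value was echoed back unescaped).
#
# Parameters:
#   $mark - target descriptor; passed through unchanged to nfetch() and
#           add_vulnerability().
#
# The result is the add_vulnerability() side effect; no return-value contract
# is visible in this file.
#
# Interpreting a hit: the test looks only at the response body. It does not
# consider the status code or the Content-Type of the response, so a match
# shows unescaped reflection of the header, not by itself that a browser would
# render it as script. Treat findings as "needs confirmation" when triaging.
sub nikto_apache_expect_xss {
    my ($mark) = @_;

    # Single definition of the marker, used both for the request header and
    # for the comparison, so the two cannot drift apart.
    my $probe   = '<script>alert(xss)</script>';
    my %headers = (Expect => $probe);

    # Keep the response in lexicals. The earlier form wrote the body into the
    # undeclared package variable $CONTENT, overwriting whatever other code
    # had stored there (and failing to compile under "use strict").
    my ($res, $content) =
        nfetch($mark, "/", "GET", "", \%headers, "", "apache_expect_xss");

    # nfetch() handed back no body (presumably a failed request - confirm
    # against nfetch); there is nothing to inspect and nothing to report.
    return unless defined $content;

    # Literal, case-sensitive substring test: an HTML-escaped echo of the
    # header does not match and is not reported.
    if (index($content, $probe) >= 0) {
        # 999974 and 27487 are passed on as given; presumably the test id and
        # an external vulnerability reference - confirm against
        # add_vulnerability().
        add_vulnerability($mark, "Apache is vulnerable to XSS via the Expect header",
                          999974, 27487);
    }
}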
50
511;