Tuesday, August 9, 2016

Expect: alert(document.domain)

GET / HTTP/1.1
Expect: <script>alert(document.domain)</script>


Saw this request in some web logs, what is it? It appears to be a probe for a super old XSS (cross-site scripting) vulnerability on Apache-based web servers from back in 2006. The attacker is looking to see if he can find super old servers that were never patched. The JavaScript alert method creates a popup box in the browser, and document.domain is the current domain (the beginning part of the URL) that the page is on, so if the server is vulnerable the popup shows that domain.
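A way to spot this kind of probe in captured requests, as an added example that is not part of the original post: the only expectation the HTTP spec (RFC 7231) defines is `100-continue`, so any other Expect value is worth a look and one containing markup characters is a probe. The function names and the sample requests are assumptions made up for the illustration.

```python
import html
import re

# Characters that have no place in an Expect value and indicate markup injection.
MARKUP = re.compile(r"[<>\"']")

def expect_values(raw_request: str) -> list[str]:
    """Return every Expect header value from one raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "expect":
            values.append(value.strip())
    return values

def classify(raw_request: str) -> str:
    """Return 'none', 'ok', 'unknown-expectation' or 'markup-probe'."""
    values = expect_values(raw_request)
    if not values:
        return "none"
    verdict = "ok"
    for v in values:
        if MARKUP.search(v):
            return "markup-probe"
        if v.lower() != "100-continue":
            verdict = "unknown-expectation"
    return verdict

def report_line(raw_request: str) -> str:
    """One line for a report, with the header values HTML-escaped so the
    report viewer does not render what the probe sent."""
    vals = ", ".join(html.escape(v) for v in expect_values(raw_request))
    return f"{classify(raw_request)}: {vals}"

# Constructed sample requests (the second mirrors the request in this post).
SAMPLES = [
    "POST /upload HTTP/1.1\r\nHost: example.test\r\nExpect: 100-continue\r\n\r\n",
    "GET / HTTP/1.1\r\nExpect: <script>alert(document.domain)</script>\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: example.test\r\nexpect: 200-ok\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(report_line(sample))
```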


Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

1 comment:

  1. Have a reference for the Apache Expect header XSS? The same has been reported in a variety of other software including IBM WebSphere, IBM HTTP, and Hitachi for example.
