CVE-2006-3918
Apache HTTP Server 1.3.3-1.3.34 - Cross-Site Scripting via Expect Header
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2006-3918. PoCs published by Thiago Zaninotti, reallyngb.
AI-analyzed exploit summary This exploit demonstrates a header injection vulnerability in Apache HTTP Server, allowing an attacker to inject malicious scripts via the 'Expect' header. The PoC uses ActionScript to send a crafted HTTP request with a script payload, potentially leading to XSS attacks.
Description
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Exploits (2)
This exploit demonstrates a header injection vulnerability in Apache HTTP Server, allowing an attacker to inject malicious scripts via the 'Expect' header. The PoC uses ActionScript to send a crafted HTTP request with a script payload, potentially leading to XSS attacks.
The repository provides a black-box penetration test report for the BadStore e-commerce platform, covering SQL injection, CVE-2006-3918, and other attack techniques. It includes MITRE ATT&CK mappings and OSINT-driven findings but lacks direct exploit code.