Description: This is a proof of concept for the XSS header injection in Oracle HTTP Server. The server does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
More details: http://www.exploit-db.com/exploits/17393/
PDF Mirror: http://www.exploit-db.com/sploits/XSS_Header_Injection_in_OHS_by_Yasser.pdf
Tags: XSS Header Injection, OHS, Apache, attack, Expect header, Injection, Oracle, Oracle HTTP Server, vulnerability, PoC, Tampering
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.