https://bz.apache.org/bugzilla/show_bug.cgi?id=60270

            Bug ID: 60270
           Summary: Apache COOKIE Information Disclosure
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: sagarbha...@gmail.com

Created attachment 34384
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34384&action=edit
LATEST VERSION Apache.org BUG in apache

Dear Team,

I am Sagar Bhavar from Pune.
I found the below-mentioned serious Apache vulnerability on your domain.

Name of Vuln.:  COOKIE INFORMATION DISCLOSURE

Affected URL: http://www.apache.org/

Issue: protocol.c in the Apache HTTP Server does not properly restrict header
information during construction of Bad Request (aka 400) error documents, which
allows remote attackers to obtain the values of HTTPOnly cookies via vectors
involving a long or malformed header in conjunction with crafted web script. By
taking advantage of this, an attacker could launch further attacks.

VULNERABLE APACHE WEB-SERVER VERSION

Exploit Available: YES (Publicly) 

Steps to Reproduce:

Step 1: Open the URL in browser - http://www.apache.org/

Step 2: Right click in the webpage

Step 3: Click on the 'Inspect Element' Option from the menu

Step 4: Put the exploit code in the console window (for the exploit code, see
the bottom of the email)

Step 5: Without modification of the code it will pop up with cookie poisoning

Step 6: Now modify the code to document.cookie to show cookie poisoning in a
pop-up window

Step 7: The code can also be modified to document.location="http://example.com"; to
redirect the site to any other site

Step 8: Now if we visit http://www.apache.org/ then we will get an error page
with cookie poisoning and an unavailable page.

Step 9: Now if you try to refresh the same page again and again it will give you
the same error page.

Exploit Code: Can be downloaded from the following links:
"https://gist.githubusercontent.com/pilate/1955a1c28324d4724b7b/raw/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08/apachexss.js";
"https://www.exploit-db.com/exploits/18442/";


Also, please find attached a detailed screen capture and the exploit code
file.

Awaiting your valuable reply.

--
Thanks & Regards
Sagar Bhavar


sagarbha...@gmail.com

Date : 18 October 2016 || issue reported and found date on apache.org

// Please update above dropdown field accordingly
