Header injection has been demonstrated to be possible using Flash, but might depend on vulnerable Flash plugins. A relevant example published in the past is exploiting the Apache 'Expect' XSS (CVE-2006-3918) using Flash. However, in this case we need to spoof the HTTP method to a specially-crafted value.
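```bash
#!/bin/bash
# PR07-37-scan

# Expect exactly one argument: a file with one hostname per line.
if [ $# -ne 1 ]
then
    echo "$0 <hosts-file>"
    exit
fi

for i in $(cat "$1")
do
    # Send a request whose method is <PROCHECKUP> and check whether the
    # response reflects that string back.
    if echo -en "<PROCHECKUP> / HTTP/1.1\nHost: $i\nConnection: close\nContent-length: 0\nContent-length: 0\n\n" | nc -w 4 "$i" 80 | grep -i '<PROCHECKUP>' > /dev/null
    then
        echo "$i is VULNERABLE!"
    fi
done
```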
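A defender-side counterpart to the probe above, as an added example that is not part of the original page: it flags access-log entries whose request method is not a plain HTTP token. The log lines are constructed samples; the Apache combined log format and the function names `sample_log` and `find_bad_methods` are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page): detect requests whose HTTP
# method contains characters that never appear in a legitimate method,
# such as '<' and '>'.

# Constructed sample lines, assumed to be in Apache combined log format.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Dec/2007:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Dec/2007:10:00:05 +0000] "<PROCHECKUP> / HTTP/1.1" 413 340 "-" "-"
192.0.2.11 - - [10/Dec/2007:10:00:09 +0000] "PROPFIND /dav/ HTTP/1.1" 207 801 "-" "davfs2"
192.0.2.12 - - [10/Dec/2007:10:00:10 +0000] "-" 408 0 "-" "-"
192.0.2.78 - - [10/Dec/2007:10:00:12 +0000] "<b>x</b> / HTTP/1.1" 413 338 "-" "-"
EOF
}

# Print "client-ip method" for every entry whose method is not made up of
# token characters. The allowed set is a subset of the RFC 7230 token
# characters (single quote and backtick are left out to keep quoting simple).
# Reads the files given as arguments, or stdin when there are none.
find_bad_methods() {
    awk -F'"' '
    {
        # Field 2 is the quoted request line: METHOD URI VERSION
        n = split($2, req, " ")
        if (n == 0) next
        method = req[1]
        if (method !~ /^[A-Za-z0-9!#$%&*+.^_|~-]+$/) {
            split($1, pre, " ")      # first word before the quote is the client IP
            print pre[1], method
        }
    }' "$@"
}

# Stand-alone run over the constructed sample.
sample_log | find_bad_methods
```

On a real server the function takes the log path as its argument, for example `find_bad_methods /var/log/apache2/access.log` (path is an assumption).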