Restcountries-server_version_leak

gistfile1.txt

import requests

# Target service URL
url = "http://192.168.126.129:8080/rest/v2/demonym/abc"

# Custom request headers
headers = {
    "Accept": "application/json"
}

# Send the GET request
response = requests.get(url, headers=headers)

# Extract the 'Server' header from the response
server_header = response.headers.get("Server", "No Server header found")

# Print status code and server header
print("[*] Status Code:", response.status_code)
print("[*] Server Header:", server_header)

# Check if the server header contains "Jetty" (indicating a version leak)
if "Jetty" in server_header:
    print("[+] Server version information is disclosed:", server_header)
    print("[!] Vulnerability detected: Server version disclosure. Consider hiding or masking the 'Server' header.")
else:
    print("[-] No obvious server version information detected.")