Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-10092

Publish Date: 14 Oct 2019

                							

                The trick is to use a vertical tab (`%09`) and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else.

As you can see, the browser changes the destination from relative / to an absolute url https://enoflag.de. The exploit is `http://domain.tld/%09//otherdomain.tld`

Here's the httpd configuration to reproduce the behavior:

```
    &lt;Location /&gt;
        ProxyPass http://127.0.0.1:9000/ connectiontimeout=1 timeout=2
        ProxyPassReverse http://127.0.0.1:9000/ 
        Order allow,deny
        Allow from all
    &lt;/Location&gt;
```

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Apache Httpd mod_proxy - Error Page Cross-Site Scripting

Vulmon Search

About

Products

Connect