Apache Httpd mod_proxy – Error Page Cross-Site Scripting

• Exploit Database
• 133 阅读

• 作者： Sebastian Neef
  日期： 2019-10-14
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47688/
• 1 2 3 4 5 6 7 8 9 10 11 12 13

  The trick is to use a vertical tab (<code>%09</code>) and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else.   As you can see, the browser changes the destination from relative / to an absolute url https://enoflag.de. The exploit is <code>http://domain.tld/%09//otherdomain.tld Here&apos;s the httpd configuration to reproduce the behavior: </code><code> <Location /> ProxyPass http://127.0.0.1:9000/ connectiontimeout=1 timeout=2 ProxyPassReverse http://127.0.0.1:9000/ Order allow,deny Allow from all </Location> </code><code>