Vendor: HTTPd
By:
CVSS: 5.5 (MEDIUM)
CWE: 918 (Server Side Request Forgery (SSRF))
Product Name: HTTPd
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

HTTPd Server Side Request Forgery (SSRF) via Horizontal Tab (%09) Exploit

The exploit relies on a tab character (`%09`, which is a horizontal tab, not a vertical tab) followed by a second URL in the request path. The error page that httpd returns for the proxied location reflects the requested path into a link; when a victim clicks that link, the browser strips the tab from the href, what remains (`//otherdomain.tld`) is a scheme-relative URL, and the victim is sent to the other host. The exploit URL format is `http://domain.tld/%09//otherdomain.tld`. Note that the behaviour described is a client-side redirection of the victim's browser; the page files it under CWE-918 (SSRF), but no request issued by the server to the attacker's host is described.

Mitigation:

To mitigate this, reject request paths that carry control characters (`%09`, `%0A`, `%0D`) and percent-encode the request URI wherever it is reflected into an error page link, so a raw tab never reaches the browser's URL parser. Where the server itself fetches user-supplied URLs, validate them against a whitelist of allowed hosts to limit SSRF.
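The following is an added example (not code from the page, the Exploit-DB entry, or the httpd project) that works through both the exploit mechanism above and the mitigation. It uses the WHATWG URL parser that browsers and Node.js share to show how `/%09//enoflag.de`, once decoded and reflected into an href, resolves to `https://enoflag.de`-style off-site targets, how percent-encoding the reflected path keeps the link on `domain.tld`, and how to flag such requests in access-log lines. It goes slightly beyond the page in also covering `%0A` and `%0D`, since the URL parser strips all ASCII tab and newline characters, not just tab. The log lines, the IP addresses and the host `evil.example` are constructed for the demo.

```javascript
"use strict";

// Constructed Apache combined-format log lines (not from a real server).
const SAMPLE_ACCESS_LOG = [
  '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /%09//enoflag.de HTTP/1.1" 503 299 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /%0a//evil.example HTTP/1.1" 503 299 "-" "curl/8.0"',
];

// What the server has after percent-decoding the request path:
// "/%09//enoflag.de" becomes "/\t//enoflag.de".
function decodeRequestPath(rawPath) {
  return decodeURIComponent(rawPath);
}

// How a WHATWG-conformant URL parser (browsers, Node's URL class) resolves a
// link target against the page it sits on. ASCII tab and newline are removed
// before parsing, so "/\t//enoflag.de" is really "//enoflag.de": a
// scheme-relative URL that points at a different host.
function browserResolve(href, base) {
  return new URL(href, base).href;
}

// Hardened reflection: re-encode each path segment before putting the request
// path into an href. The tab survives only as "%09", which the URL parser
// treats as an ordinary path byte, so the link stays on the original host.
function encodeReflectedPath(decodedPath) {
  return decodedPath.split("/").map(encodeURIComponent).join("/");
}

// Detection over access-log lines: flag requests whose decoded path contains a
// tab or newline and collapses to a scheme-relative "//host" once those are
// removed, which is exactly the shape of the exploit URL.
function findTabRedirectRequests(logLines) {
  const hits = [];
  const reqRe = /^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) HTTP\/[\d.]+"/;
  for (const line of logLines) {
    const m = reqRe.exec(line);
    if (!m) continue;
    const [, ip, method, rawPath] = m;
    let decoded;
    try {
      decoded = decodeRequestPath(rawPath);
    } catch {
      continue; // malformed percent-encoding; not our pattern
    }
    if (!/[\t\n\r]/.test(decoded)) continue;
    const collapsed = decoded.replace(/[\t\n\r]/g, "");
    if (collapsed.startsWith("//")) hits.push({ ip, method, rawPath });
  }
  return hits;
}

// Stand-alone walk-through of the three steps.
function demo() {
  const base = "http://domain.tld/";
  const decoded = decodeRequestPath("/%09//enoflag.de");
  console.log("reflected as-is  ->", browserResolve(decoded, base));
  console.log("reflected encoded->", browserResolve(encodeReflectedPath(decoded), base));
  console.log("flagged requests ->", findTabRedirectRequests(SAMPLE_ACCESS_LOG));
}
demo();
```

Run it with `node` to see the unencoded reflection resolve to `http://enoflag.de/` while the encoded one stays under `http://domain.tld/`. The detection function is deliberately narrow (tab or newline followed by a collapsed `//`) so it does not fire on ordinary percent-encoded paths.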

Exploit-DB raw data:

The trick is to use a vertical tab (`%09`) and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else.

As you can see, the browser changes the destination from the relative `/` to the absolute URL `https://enoflag.de`. The exploit is `http://domain.tld/%09//otherdomain.tld`.

Here's the httpd configuration to reproduce the behavior:

```
# Reproduction config: every request under / is proxied to a backend on
# 127.0.0.1:9000. If that backend is down or slow (the short timeouts make
# the failure quick), httpd answers with its proxy error page, which is
# where the link containing the tab-bearing request path appears.
<Location />
    ProxyPass http://127.0.0.1:9000/ connectiontimeout=1 timeout=2
    ProxyPassReverse http://127.0.0.1:9000/
    # httpd 2.2-style access control; on 2.4 the equivalent is "Require all granted"
    Order allow,deny
    Allow from all
</Location>
```