CVE-2019-10092 Exploitation Attempt

Aug 21, 2020 ·

Detects Cross-Site Scripting attack in mod_proxy error page

Sigma rule (View on GitHub)

 1title: CVE-2019-10092 Exploitation Attempt
 2id: bb065903-4c8f-4a0d-9fb9-eedfc7304e1a
 3status: experimental
 4description: Detects Cross-Site Scripting attack in mod_proxy error page
 5references:
 6  - https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/
 7author: Loginsoft Research Unit 
 8date: 2020/06/17
 9logsource:
10 product: apache
11 category: webserver
12detection:
13  selection:
14    c-uri|contains: 
15      - '/%09'
16      - '/%5c'
17  condition: selection
18level: low```

References

Proof of Concept for "Apache Httpd Limited cross-site scripting in mod_proxy error page (CVE-2019-10092)"

A few days ago, I came across the Apache Httpd Security Page and read about a XSS issue in mod_proxy. I couldn't find a Proof-of-Concept right away, so I dug into it and finally managed to exploit it. Citing the security report for CVE-2019-10092: low: Limited cross-site scripting in

Read More

CVE-2019-10092 Exploitation Attempt

Sigma rule (View on GitHub)

References

Proof of Concept for "Apache Httpd Limited cross-site scripting in mod_proxy error page (CVE-2019-10092)"