Squid cross-site scripting (Fw: Squid doesn't quote urls in error messages.)

From: TAKAGI, Hiromitsu (takagiat_private)
Date: Wed Jul 18 2001 - 05:45:35 PDT

    The following problem is not registered on the vulnerabilities database.
    http://www.securityfocus.com/vdb/middle.html?vendor=&title=Squid%20Web%20Proxy&version=any
    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=squid
    
    Related messages:
    http://www.squid-cache.org/mail-archive/squid-dev/200010/0361.html
    http://www.squid-cache.org/mail-archive/squid-dev/200011/0051.html
    http://www.securityfocus.com/archive/82/142120
    
    Fix:
    http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.DEVEL4-2.4.PRE-STABLE.gz
    http://www.squid-cache.org/Versions/v2/2.3/diff-2.3.STABLE4-2.3.STABLE5.gz
    
    --
    Hiromitsu Takagi, Ph.D.
    National Institute of Advanced Industrial Science and Technology,
    Tsukuba Central 2, 1-1-1, Umezono, Tsukuba, Ibaraki 305-8568, Japan
    http://www.etl.go.jp/~takagi/
    
    Forwarded by "TAKAGI, Hiromitsu" <takagiat_private>
    ----------------------- Original Message -----------------------
     From:    Lincoln Yeoh <lyeohat_private>
     To:      VULN-DEVat_private
     Date:    Fri, 27 Oct 2000 17:47:00 +0800
     Subject: Squid doesn't quote urls in error messages.
    ----
    
    Hi,
    
    I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages.
    
    For example if a user visits the following url
    
    http://www.dotcom.com/ <b>test</b>
    
    The user will get an invalid url page with test in bold.
    
    Or even more fun with:
    http://www.somecompany.com/ src="http://www.mysite.com/mylogo.gif">
    
    You can actually get a working form in such an error message! Javascript too.
    
    So it may be possible to rip out other sites' cookies from browsers using
    this (see DKrypt's and other people's stuff on it).
    
    Also maybe do a fake form/page :).
    
    I haven't really tried it myself, and so I can't confirm if it really works
    (that's why it's in VULN-DEV ;) ).
    
    Cheerio,
    Link.
    --------------------- Original Message Ends --------------------
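
The behaviour reported above, next to an entity-encoding form of the same error page. This is an added example, not Squid's source and not the patch linked under "Fix:". The function names, buffer sizes and page template are assumptions; the sample URL is the one from the report.

```c
#include <stdio.h>
#include <string.h>
/* Copy src into dst (capacity cap), replacing HTML metacharacters with
   entities. Returns 0 on success, -1 if the result would not fit. */
static int html_escape(const char *src, char *dst, size_t cap)
{
    size_t used = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (used + n + 1 > cap) return -1;   /* keep room for the NUL */
        if (rep) memcpy(dst + used, rep, n);
        else dst[used] = *src;
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* As reported: the requested URL is copied verbatim into the error page. */
static int error_page_unquoted(const char *url, char *out, size_t cap)
{
    int n = snprintf(out, cap, "<h2>Invalid URL</h2><p>%s</p>", url);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Corrected: the URL is entity-encoded before it reaches the page. */
static int error_page_quoted(const char *url, char *out, size_t cap)
{
    char esc[1024];                          /* assumed upper bound */
    if (html_escape(url, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, cap, "<h2>Invalid URL</h2><p>%s</p>", esc);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char page[2048];
    const char *url = "http://www.dotcom.com/ <b>test</b>"; /* from the report */
    if (error_page_unquoted(url, page, sizeof page) == 0) puts(page);
    if (error_page_quoted(url, page, sizeof page) == 0) puts(page);
    return 0;
}
```

The second line of output shows the tags as literal text (`&lt;b&gt;test&lt;/b&gt;`), so the browser renders the URL instead of interpreting it.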
    


