Vulnerability Development mailing list archives
Squid doesn't quote urls in error messages.
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Fri, 27 Oct 2000 17:47:00 +0800
Hi, I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages. For example if a user visits the following url http://www.dotcom.com/ <b>test</b> The user will get an invalid url page with test in bold. Or even more fun with: http://www.somecompany.com/<img src="http://www.mysite.com/mylogo.gif"> You can actually get a working form in such an error message! Javascript too. So it may be possible to rip out other site's cookies from browsers using this (see DKrypt's and other peoples stuff on it). Also maybe do a fake form/page :). I haven't really tried it myself, and so I can't confirm if it really works (that's why it's in VULN-DEV ;) ). Cheerio, Link.
Current thread:
- Possible exploit in FreeBSD 4.0 John Herron (Oct 27)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Squid doesn't quote urls in error messages. Robert Collins (Oct 29)
- Re: Squid doesn't quote urls in error messages. 3APA3A (Oct 29)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 The Psychotic Viper (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Kris Kirby (Oct 30)
- <Possible follow-ups>
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 packetWhore (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Crist Clark (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 30)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)