Vulnerability Development mailing list archives
squidguard vulnerability
From: Petko Popadiyski <petko () freebsd-bg org>
Date: Fri, 19 Mar 2004 11:51:55 +0200
squidGuard is a fast redirector using database stored blacklists. I found that squidguard is prone to the bug found in squid about the NULL URL character unauthorized access (http://www.securityfocus.com/bid/9778).

The vulnerability presents itself when a URI that is designed to access a specific location with a supplied username, contains '%00' characters. This sequence may be placed as part of the username value prior to the @ symbol in the malicious URI.

Proof of concept:
http://foo%00@www.example.com/

--
Best wishes,
Petko Popadiyski
ICQ: 59468934
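
A defensive check for the URL form described in the post, as an added example (not part of the original message and not squidGuard's code): it rejects requests whose authority carries a raw or percent-encoded control character, and matches the blacklist against the host alone. `check_url` and `BLOCKED_HOSTS` are hypothetical names, and the blacklist entry and sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample blacklist (assumption); a real filter loads its own lists.
BLOCKED_HOSTS = {"www.example.com"}

# C0 control characters and DEL, including NUL.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def check_url(url: str) -> str:
    """Classify one requested URL as 'reject', 'block' or 'allow'."""
    # Raw control bytes in a request URL are never legitimate.
    if _CTRL.search(url):
        return "reject"
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return "reject"  # malformed authority, e.g. unbalanced brackets
    # Decode the authority once and look for encoded control characters,
    # which covers the '%00' placed in the username before the '@'.
    if _CTRL.search(unquote(parts.netloc)):
        return "reject"
    # Match the blacklist against the host only: userinfo never takes part
    # in the comparison, so it cannot truncate or shadow the host name.
    host = host.rstrip(".")
    if not host:
        return "reject"
    return "block" if host in BLOCKED_HOSTS else "allow"


if __name__ == "__main__":
    for sample in (  # constructed sample requests
        "http://www.example.com/",
        "http://user@www.example.com/",
        "http://foo%00@www.example.com/",
        "http://www.example.org/",
    ):
        print(f"{check_url(sample):7} {sample}")
```

The check decodes the authority only once, so a filter that sits in front of a component which decodes repeatedly would need to decode to a fixed point before testing.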