Re: a litle bypass with IE

From: Emilio Casbas (ecasbas_at_unav.es)
Date: 05/11/04

  • Next message: Thierry Carrez: "[ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers"
    Date: Tue, 11 May 2004 09:11:17 +0200
    To: bugtraq@securityfocus.com
    
    
    

    Nuno Costa wrote:

    >
    >hello
    >
    >im not a expert in this area, but i work in a intranet that haves the Squid/2.3.STABLE5 filtring all access's to the internet..
    >
    >so i don't have access to the internet directaly, but i know that this proxy allow access to especific web sites.. so, in the past if i us this:
    >
    >http://url@website_allowed.pt -> the vuln that is already discovered... i have access to the website that i want...
    >
    >but in this days, this vuln is now fixed so...
    >
    >in my test's i found this way to pass this proxy, using:
    >
    >http://@@website_allowed.pt@my_url -> now i have access...
    >
    >using @@url.pt@ i can bypass the proxy and access the internet, i don't know how faur, this could go!!
    >
    >so i don't know if this is a bug from IE or just a simple bug from Squid.. ??? can anyone tell what we have in hands ?
    >
    >PS: sorry my inglish
    >
    >
    >
    >
    Squid/2.3.Stable5 is deprecated,
    The last stable release for production is:
    Squid-2.5.Stable5.

    http://www.squid-cache.org/Versions/v2/2.5/

    Emilio C.

    
    



  • Next message: Thierry Carrez: "[ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers"