Open Source and information security mailing list archives
 
Date: Mon, 10 May 2004 17:42 +0100 (BST)
From: nbriscoe@....co.uk (Neil Briscoe)
To: webcenter@...o.pt, bugtraq@...urityfocus.com
Cc: nbriscoe@....co.uk
Subject: Re: a litle bypass with IE


Nuno Costa wrote :-

> hello
> 
> I'm not an expert in this area, but I work in an intranet that has 
> Squid/2.3.STABLE5 filtering all accesses to the internet.. 
> 
> so I don't have access to the internet directly, but I know that this 
> proxy allows access to specific web sites.. so, in the past if I use 
> this:
> 
> http://url@...site_allowed.pt -> the vuln that is already discovered... 
> I have access to the website that I want...
> 
> but these days, this vuln is now fixed so...
> 
> in my tests I found this way to pass this proxy, using:
> 
> http://@@website_allowed.pt@...url -> now I have access...
> 
> using @@url.pt@ I can bypass the proxy and access the internet, I don't 
> know how far this could go!!
> 
> so I don't know if this is a bug from IE or just a simple bug from 
> Squid.. ??? can anyone tell what we have in hands ?
> 
> PS: sorry for my English
> 

Out of interest, do you happen to know if your proxy also uses Dansguardian?  I ask because I work for the company behind CensorNet 
(www.censornet.com) and we recently had to make a modification to the Dansguardian code in order that the school kids that form the vast 
bulk of our user base couldn't get to prohibited sites by the sleight of putting a trailing dot at the end of the URL they wanted to visit.

We've fixed things such that invalid URLs are no longer possible.  I ask because our Access Denied page also claims to be a service provided 
by Squid/2.3 STABLE5.  Yet the problem was with DG and not Squid.

Regards
Neil

(Company .sig below, although this is a personal email address)

-- 

Neil Briscoe
Adelix Ltd
e: neil.briscoe@...lix.com <mailto:neil.briscoe@...lix.com> 
t: +44 (0) 1252 338751 / f: +44 (0) 1454 228820
s: PO BOX 2000, Yate, Bristol, BS37 1DS. http://www.adelix.com

Any views expressed in this email communication are those
of the individual sender, except where the sender specifically states
them to be the views of a member of Adelix Ltd.  Adelix Ltd. does not
represent, warrant or guarantee that the integrity of this communication
has been maintained nor that the communication is free of errors or
interference.
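
The two bypasses discussed in this thread (text before an '@' in the authority, and a trailing dot on the host name) both come down to the filter matching a different string than the host the client connects to. The following is an added example, not code from either message and not DansGuardian's or Squid's own: a filter-side canonicalisation step that refuses malformed URLs before any list is consulted. The host names, the two lists and the "refuse any userinfo" policy are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

BANNED = {"blocked.example"}            # constructed ban-list entry
ALLOWED = {"website-allowed.example"}   # constructed allow-list entry
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one ASCII DNS label


def canonical_host(url):
    """Return the host name to match against the lists, or None if the URL is refused."""
    try:
        parts = urlsplit(url)
        host = parts.hostname   # text after the last '@', lowercased, port removed
        parts.port              # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    if "@" in parts.netloc:
        return None             # assumed policy: no userinfo in browsing URLs
    if host.endswith("."):
        host = host[:-1]        # "name." and "name" are the same DNS name
    # Empty labels ("a..b", a second trailing dot) and non-ASCII or
    # percent-encoded hosts fail here and are refused rather than guessed at.
    if len(host) > 253 or not all(LABEL.fullmatch(lab) for lab in host.split(".")):
        return None
    return host


def verdict(url, allow_list_mode=False):
    """'reject' for a refused URL, otherwise 'allow' or 'deny' from the lists."""
    host = canonical_host(url)
    if host is None:
        return "reject"
    if allow_list_mode:
        return "allow" if host in ALLOWED else "deny"
    return "deny" if host in BANNED else "allow"
```

Matching only on the value returned by canonical_host() means the ban list and the allow list both see the same name the client will resolve, whatever decoration the URL carried.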


