Re: proxying exploit attempts

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 23 Jan 1999 13:05:17 +0100

mlowe@dataline.net.au wrote:
>
> Are there any known expolits for squid? If so where is the
> list/site located?

No known exploits for Squid exists.

What we was talking about was Web-server (usually CGI script) exploits
which can be conducted throught Squid to hide the attackers identity,
and how to stop such use of a proxy.

James Youg said that you could filter out URLs wich contains known
exploit constructs.

My point was that there is no way to filter out POST requests in this
way as the exploit data is then in the message body and not the URL.

---
Henrik Nordstrom
Spare time Squid hacker
Received on Sat Jan 23 1999 - 04:57:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:08 MST