Bugtraq mailing list archives

Re: a litle bypass with IE

From: nbriscoe () cix co uk (Neil Briscoe)
Date: Mon, 10 May 2004 17:42 +0100 (BST)

Nuno Costa wrote :-

hello

im not a expert in this area, but i work in a intranet that haves the 
Squid/2.3.STABLE5 filtring all access's to the internet.. 

so i don't have access to the internet directaly, but i know that this 
proxy allow access to especific web sites.. so, in the past if i us 
this:

http://url@website_allowed.pt -> the vuln that is already discovered...

i have access to the website that i want...


but in this days, this vuln is now fixed so...

in my test's i found this way to pass this proxy, using:

http://@@website_allowed.pt@my_url -> now i have access...

using @@url.pt@ i can bypass the proxy and access the internet, i don't 
know how faur, this could go!!

so i don't know if this is a bug from IE or just a simple bug from 
Squid.. ??? can anyone tell what we have in hands ?

PS: sorry my inglish


Out of interest, do you happen to know if your proxy also uses Dansguardian?  I ask because I work for the company 
behind CensorNet 
(www.censornet.com) and we recently had to make a modification to the Dansguardian code in order that the school kids 
that form the vast 
bulk of our user base couldn't get to prohibited sites by the slight of putting a trailing dot at the end of the url 
they wanted to visit.

We've fixed things such that invalid url's are no longer possible.  I ask because, our Access Denied page also claims 
to be a service provided 
by Squid/2.3 STABLE5.  Yet the problem was with DG and not Squid.

Regards
Neil

(Company .sig below, although this is a personal email address)

-- 

Neil Briscoe
Adelix Ltd
e: neil.briscoe () adelix com <mailto:neil.briscoe () adelix com> 
t: +44 (0) 1252 338751 / f: +44 (0) 1454 228820
s: PO BOX 2000, Yate, Bristol, BS37 1DS. http://www.adelix.com

Any views expressed in this email communication are those
of the individual sender, except where the sender specifically states
them to be the views of a member of Adelix Ltd.  Adelix Ltd. does not
represent, warrant or guarantee that the integrity of this communication
has been maintained nor that the communication is free of errors or
interference.

Current thread:

a litle bypass with IE Nuno Costa (May 10)
- Re: a litle bypass with IE Neil Briscoe (May 10)
- RE: a litle bypass with IE Eric Norbut (May 10)
- Re: a litle bypass with IE Emilio Casbas (May 11)
- <Possible follow-ups>
- RE: a litle bypass with IE Thor Larholm (May 11)