Vulnerability Development mailing list archives
Re: Squid doesn't quote urls in error messages.
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 27 Oct 2000 19:58:53 +0400
Hello Lincoln Yeoh, 27.10.00 13:47, you wrote: Squid doesn't quote urls in error messages.; L> I noticed that Squid 2.3.STABLE4 doesn't quote urls in error L> messages. <skip> L> I haven't really tried it myself, and so I can't confirm if it really works L> (that's why it's in VULN-DEV ;) ). I can confirm it really works. Then I open http://123.microsoft.com/<script>alert(this.document.cookie)</script> I can see my cookie from MS site :)
Current thread:
- Possible exploit in FreeBSD 4.0 John Herron (Oct 27)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Squid doesn't quote urls in error messages. Robert Collins (Oct 29)
- Re: Squid doesn't quote urls in error messages. 3APA3A (Oct 29)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 The Psychotic Viper (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Kris Kirby (Oct 30)
- <Possible follow-ups>
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 packetWhore (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Crist Clark (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 30)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)