squidguard vulnerability

[Petko Popadiyski <petko () freebsd-bg org>]

squidGuard is a fast redirector using database stored blacklists.


I found that squidguard is prone to the bug found in squid about the
NULL URL character unauthorized access (
http://www.securityfocus.com/bid/9778).
The vulnerability presents itself when a URI that is designed to access
a specific location with a supplied username, contains '%00'
characters. This sequence may be placed as part of the username value
prior to the @ symbol in the malicious URI.
proof of concept :
http://foo%00 () www example com/


-- 
Best wishes,
Petko Popadiyski
ICQ: 59468934