 |
|
|
|
Hi,
I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages.
For example if a user visits the following url
http://www.dotcom.com/ <b>test</b>
The user will get an invalid url page with test in bold.
Or even more fun with:
http://www.somecompany.com/<img src="http://www.mysite.com/mylogo.gif">
You can actually get a working form in such an error message! Javascript too.
So it may be possible to rip out other site's cookies from browsers using
this (see DKrypt's and other peoples stuff on it).
Also maybe do a fake form/page :).
I haven't really tried it myself, and so I can't confirm if it really works
(that's why it's in VULN-DEV ;) ).
Cheerio,
Link.
|
|
|
|
|
|
|
|
