|
|
| |
| Squid Analysis Report Generator is "a tool that allow you to view "where" your users are going to on the Internet". Execution of arbitrary code in Squid Analysis Report Generator is possible by executing sarg with specially crafted squid log files (access and useragent log). |
| |
Credit:
The information has been provided by L4teral.
|
| |
Vulnerable Systems:
* Squid Analysis Report Generator version 2.2.3.1
Immune Systems:
* Squid Analysis Report Generator version 2.2.4
The access.log has to be manually created to trigger the exploit, as Squid will not allow malformed HTTP methods.
The useragent log is more critical, as this vulnerability can be exploited by just passing the useragent string within a request to the Squid proxy.
PoC/Exploit:
Edit a normal access log and set the request method to an overly long string.
Edit a normal useragent log and set the useragent field to an overly long string or send a request to the Squid proxy server passing an overly long string as useragent in the HTTP header.
Disclosure Timeline:
2008-01-28 - vendor informed
2008-01-28 - vendor responded
2008-03-02 - vendor released new version
2008-03-03 - public disclosure
|
|
|
| Subject:
|
Finding Version 2.2.3.1 |
Date: |
4 Mar. 2008 |
| From: |
mr_daimonhotmail.com |
Google:
inurl:topsites.html "e;Squid Analysis Report Generator"e; +2.2.3.1
Fun to watch where people surf. This is version specific - delete the numbers, 7 times as many responses.
If interested in network mapping, where individuals surf, and what they download:
inurl:siteuser.html "e;Squid Analysis Report Generator"e;
inurl:download.html "e;Squid Analysis Report Generator"e;
|
|
|
|
|
