Nuno Costa wrote :- > hello > > im not a expert in this area, but i work in a intranet that haves the > Squid/2.3.STABLE5 filtring all access's to the internet.. > > so i don't have access to the internet directaly, but i know that this > proxy allow access to especific web sites.. so, in the past if i us > this: > > http://url@xxxxxxxxxxxxxxxxxx -> the vuln that is already discovered... > > i have access to the website that i want... > > but in this days, this vuln is now fixed so... > > in my test's i found this way to pass this proxy, using: > > http://@@website_allowed.pt@my_url -> now i have access... > > using @@url.pt@ i can bypass the proxy and access the internet, i don't > know how faur, this could go!! > > so i don't know if this is a bug from IE or just a simple bug from > Squid.. ??? can anyone tell what we have in hands ? > > PS: sorry my inglish > Out of interest, do you happen to know if your proxy also uses Dansguardian? I ask because I work for the company behind CensorNet (www.censornet.com) and we recently had to make a modification to the Dansguardian code in order that the school kids that form the vast bulk of our user base couldn't get to prohibited sites by the slight of putting a trailing dot at the end of the url they wanted to visit. We've fixed things such that invalid url's are no longer possible. I ask because, our Access Denied page also claims to be a service provided by Squid/2.3 STABLE5. Yet the problem was with DG and not Squid. Regards Neil (Company .sig below, although this is a personal email address) -- Neil Briscoe Adelix Ltd e: neil.briscoe@xxxxxxxxxx <mailto:neil.briscoe@xxxxxxxxxx> t: +44 (0) 1252 338751 / f: +44 (0) 1454 228820 s: PO BOX 2000, Yate, Bristol, BS37 1DS. http://www.adelix.com Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference.
