a litle bypass with IE

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: a litle bypass with IE
From: Nuno Costa <webcenter@xxxxxxx>
Date: 10 May 2004 21:16:30 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm



hello

im not a expert in this area, but i work in a intranet that haves the 
Squid/2.3.STABLE5 filtring all access's to the internet.. 

so i don't have access to the internet directaly, but i know that this proxy 
allow access to especific web sites.. so, in the past if i us this:

http://url@xxxxxxxxxxxxxxxxxx -> the vuln that is already discovered... i have 
access to the website that i want...

but in this days, this vuln is now fixed so...

in my test's i found this way to pass this proxy, using:

http://@@website_allowed.pt@my_url -> now i have access...

using @@url.pt@ i can bypass the proxy and access the internet, i don't know 
how faur, this could go!!

so i don't know if this is a bug from IE or just a simple bug from Squid.. ??? 
can anyone tell what we have in hands ?

PS: sorry my inglish



Nuno Costa
webcenter@xxxxxxx
Portugal

Follow-Ups:
- Re: a litle bypass with IE
  - From: Emilio Casbas
- Re: a litle bypass with IE
  - From: Neil Briscoe
- RE: a litle bypass with IE
  - From: Eric Norbut

Prev by Date: PaX DoS proof-of-concept
Next by Date: Monit 4.1 remote shell exploit (HTTP)
Previous by thread: PaX DoS proof-of-concept
Next by thread: RE: a litle bypass with IE
Index(es):
- Date
- Thread