December 1st, 2004, 02:53 PM
#1
IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
Being a user of IPCop as a firewall/web filter for my home network, I found info on an exploit for the latest version, 1.4.1, which has recently been released.
Vulnerability/Exploit:
A Cross Site Scripting vulnerability has been found in the IPCop web interface. The "proxylog.dat" page allows the IPCop administrators to review browsed websites that have been processed through Squid. By creating a specially crafted HTTP request, it is possible to inject script code into the "proxylog.dat" page. The variables "$url" and "$part" are not sanitized before being sent to the user. When the administrators view the page, the script code will be executed.
Full information and an easy workaround can be found here
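The flaw described in the post above, where values taken from the proxy log reach the administrator's browser unencoded, shown as an added Perl example that is not IPCop's own "proxylog.dat" code: it renders constructed Squid access.log lines with and without output encoding. The function names and the sample log lines are assumptions made for illustration; the same encoding applies to any other log-derived value such as "$part".

```perl
#!/usr/bin/perl
# Added example, not IPCop's code: render Squid access.log entries as HTML rows.
use strict;
use warnings;

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
my @log = (
    '1101912780.123    210 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html',
    '1101912790.456     95 192.168.1.11 TCP_MISS/404 312 GET http://example.com/<script>alert(1)</script> - DIRECT/93.184.216.34 text/html',
);

# Encode the five characters that are significant in HTML text and attributes.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Split one log line into the fields the viewer displays (hypothetical helper).
sub parse_line {
    my ($line) = @_;
    my @f = split ' ', $line;
    return unless @f >= 7;          # skip truncated or malformed lines
    return { client => $f[2], url => $f[6] };
}

# Vulnerable pattern: log-derived values are interpolated into markup as-is.
sub row_unsafe {
    my ($e) = @_;
    return "<tr><td>$e->{client}</td><td>$e->{url}</td></tr>";
}

# Hardened pattern: every log-derived value is encoded at output time.
sub row_safe {
    my ($e) = @_;
    return sprintf '<tr><td>%s</td><td>%s</td></tr>',
        escape_html($e->{client}), escape_html($e->{url});
}

for my $line (@log) {
    my $e = parse_line($line) or next;
    print "unsafe: ", row_unsafe($e), "\n";
    print "safe:   ", row_safe($e), "\n";
}
```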