Vulnerability in the Squid proxy server that allows access restrictions to be bypassed

Information has been disclosed about vulnerabilities in the Squid proxy server that were silently fixed last year in the Squid 4.8 release. The problems are in the code that processes the "@" block at the beginning of a URL ("user@host") and make it possible to bypass access restriction rules, poison the contents of the cache, and carry out a cross-site scripting attack.

  • CVE-2019-12524: using a specially crafted URL, a client can bypass rules set with the url_regex directive and obtain confidential information about the proxy and the traffic it processes (by gaining access to the Cache Manager interface).
  • CVE-2019-12520: by manipulating the username data in the URL, an attacker can get fictitious content stored in the cache for a specific page, which can be used, for example, to execute their JavaScript code in the context of other sites.
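Since both issues hinge on the "user@host" part of the URL, a defender running a release older than 4.8 can triage access logs for requests that carry a userinfo block. The following is an added example, not code from the article or the Squid project; it assumes the log uses Squid's default native access.log layout and records the request URL with its userinfo part, and the sample lines are constructed. A hit marks a request worth reviewing, not proof of exploitation.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines (not from the page), laid out like Squid's default
# native access.log: time elapsed client code/status bytes method URL user peer type
SAMPLE_LOG = """\
1563000000.101    120 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/203.0.113.5 text/html
1563000001.202     15 192.0.2.11 TCP_MISS/200 2048 GET http://someuser@example.com/page - HIER_DIRECT/203.0.113.5 text/html
1563000002.303      3 192.0.2.12 TCP_DENIED/403 3900 GET http://example.com/?mail=a@b.example - HIER_NONE/- text/html
1563000003.404    200 192.0.2.13 TCP_TUNNEL/200 9000 CONNECT example.com:443 - HIER_DIRECT/203.0.113.5 -
1563000004.505      8 192.0.2.11 TCP_MISS/200 1024 GET http://other@example.org/a - HIER_DIRECT/203.0.113.9 text/html
"""


def userinfo_requests(log_text):
    """Return (client, method, url) for requests whose URL authority has a userinfo part."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed line
        client, method, url = fields[2], fields[5], fields[6]
        # Only the authority counts: an "@" in the path or query is ordinary data,
        # and CONNECT targets (host:port) have no "//" authority to inspect.
        if "@" in urlsplit(url).netloc:
            hits.append((client, method, url))
    return hits


def hits_per_client(hits):
    """Count flagged requests per client address to show who to look at first."""
    return Counter(client for client, _, _ in hits)


if __name__ == "__main__":
    flagged = userinfo_requests(SAMPLE_LOG)
    for client, method, url in flagged:
        print(client, method, url)
    print(dict(hits_per_client(flagged)))
```
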

Source: opennet.ru
