Vulnerabilities in the Squid proxy server that allow access restrictions to be bypassed

Information has been disclosed about vulnerabilities in the Squid proxy server that were quietly fixed last year in the squid 4.8 release. The problems are in the code that processes the "@" block at the start of a URL ("user@host"), and they make it possible to bypass access restriction rules, poison the contents of the cache, and carry out a cross-site scripting attack.

  • CVE-2019-12524: a client using a specially crafted URL can bypass rules defined with the url_regex directive and obtain confidential information about the proxy and the traffic it processes (gaining access to the Cache Manager interface).
  • CVE-2019-12520: by manipulating the username data in the URL, it is possible to get fictitious content stored in the cache for a particular page, which can be used, for example, to arrange for one's own JavaScript code to run in the context of other sites.
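
Both issues hinge on the "user@" part of the request URL, so one defensive check is to find proxied requests that carry userinfo at all. The following Python code is an added example, not code from the original article or from the Squid project; it assumes Squid's default native access.log layout, and the log lines and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1562000000.101    120 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1562000001.202     95 192.0.2.11 TCP_MISS/200 2048 GET http://someuser@example.com/page - HIER_DIRECT/198.51.100.7 text/html
1562000002.303     80 192.0.2.12 TCP_HIT/200 1024 GET http://example.com/profile/@alice - HIER_NONE/- text/html
1562000003.404    300 192.0.2.13 TCP_TUNNEL/200 9000 CONNECT example.com:443 - HIER_DIRECT/198.51.100.7 -
1562000004.505     60 192.0.2.11 TCP_MISS/404 512 GET http://a:b@example.org/ - HIER_DIRECT/198.51.100.9 text/html
"""


def url_userinfo(url):
    """Return the userinfo part of the URL authority, or None if there is none."""
    if "://" not in url:
        return None  # CONNECT targets are logged as host:port, with no authority userinfo
    try:
        netloc = urlsplit(url).netloc
    except ValueError:
        return None  # malformed authority (e.g. broken IPv6 brackets); not classified here
    if "@" not in netloc:
        return None  # an "@" in the path or query is not userinfo
    return netloc.rpartition("@")[0]


def find_userinfo_requests(log_text):
    """Return one record per logged request whose URL carries a userinfo component."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or non-native-format lines
        client, method, url = fields[2], fields[5], fields[6]
        info = url_userinfo(url)
        if info is not None:
            hits.append({"client": client, "method": method,
                         "url": url, "userinfo": info})
    return hits


if __name__ == "__main__":
    for hit in find_userinfo_requests(SAMPLE_LOG):
        print(hit["client"], hit["method"], hit["url"])
```

Hits on a proxy running a release older than 4.8 are candidates for review against the url_regex rules and the cached objects for the affected URLs.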

Source: opennet.ru
