[22948] in bugtraq
Re: Non-standard usage of HTTP proxy servers
daemon@ATHENA.MIT.EDU (Philip Stoev)
Mon Oct 22 13:13:34 2001
Message-ID: <002401c15b13$de0106c0$0100a8c0@zara>
From: "Philip Stoev" <philip@stoev.org>
To: <bugtraq@securityfocus.com>
Cc: "Alexander Yurchenko" <grange@rt.mipt.ru>
Date: Mon, 22 Oct 2001 19:08:59 +0300
Using Squid, one can do

    acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
    http_access deny !Safe_ports

to prevent that attack. It is well documented in squid.conf and is turned on
by default, I believe.

Philip

----- Original Message -----
From: "Alexander Yurchenko" <grange@rt.mipt.ru>
To: <bugtraq@securityfocus.com>
Sent: Monday, October 22, 2001 3:34 AM
Subject: Non-standard usage of HTTP proxy servers
> It's possible to connect to one of the
> numerous public HTTP proxy servers and send a request like:
>
> POST http://some.host:25/ HTTP/1.0
>
> giving the SMTP commands as content.
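
An added example, not part of either message and not Squid's own code: a small Python model of the two squid.conf lines quoted above, used to check which proxy request lines the Safe_ports rule would refuse. The sample request lines other than the one from the original report are constructed, and the function names, the default-port table and the treatment of a request with no recognizable port as denied are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# ACL line exactly as quoted in the reply above.
SAFE_PORTS_ACL = "acl Safe_ports port 80 81 21 443 563 70 210 1025-65535"
# Assumed scheme defaults, used when the URL carries no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}
# First line is from the original report; the rest are constructed samples.
SAMPLE_REQUESTS = [
    "POST http://some.host:25/ HTTP/1.0",
    "GET http://www.example.com/ HTTP/1.0",
    "CONNECT mail.example.net:25 HTTP/1.0",
    "GET http://host.example:8080/ HTTP/1.0",
]

def parse_port_acl(line):
    """Turn an 'acl NAME port ...' line into a list of (low, high) ranges."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "acl" or fields[2] != "port":
        raise ValueError("not a port acl: %r" % line)
    ranges = []
    for item in fields[3:]:
        low, _, high = item.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def request_port(request_line):
    """Return the destination port of a proxy request line, or None."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    try:
        if parts[0].upper() == "CONNECT":   # target is host:port
            return urlsplit("//" + parts[1]).port
        url = urlsplit(parts[1])
        if url.port is not None:
            return url.port
        return DEFAULT_PORTS.get(url.scheme)
    except ValueError:                      # non-numeric or out-of-range port
        return None

def decision(request_line, ranges):
    """Model 'http_access deny !Safe_ports' for one request line."""
    port = request_port(request_line)
    if port is None or not any(lo <= port <= hi for lo, hi in ranges):
        return "DENY"
    return "ALLOW"

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(decision(req, parse_port_acl(SAFE_PORTS_ACL)), req)
```

The quoted ACL lists 1025-65535 as safe, so the rule refuses port 25 but still allows requests to any unprivileged port.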