![]() Http: ///accounts /SetSID? ssdc= 1 & sidt=Q5UrfB0BAAA %3D.oHVGErODzffQ %2Bms %2FOKfk53g5naReDKehRNHOBsmJlBu3VTNXjF03SbgX %2FVEEhmImhR4mlu5IAAjM %2BdbuXvMMSIb0oU8IGCYpnLcSNkbCIrG %2BQnm81YmX5 %2Brcrq7U6Q圆5 %2F1yaQ2NzgmKD94jg0Iw13iXDen3qD5qn6L %2FhmmYWwTrcOeuTzGbO %2BAehpjEU3mrWapRafaq3b4kxyigJ68s8QrGQqZTINNE %2Bs %2BoIkZWmGt5kNzoT8fkVAsWJeu3CKFkxj4oVMngeDvpwb1nyFpsJCltOzmAr46fTxVJSpvQdx0 %3D.BMLtjUdIDCcuszktZSvYzA %3D %3D & continue=http %3A %2F %2F%2FRedirLogin.aspx %3Fmsg %3D0 %26ts %3D1226148773097 %3A1226148773386 %3A1226148774868 %26auth %3DDQAAAIcAAAC1pPE1QT4chKgrU4B3oyKZrQRkEVPtYlclpESQoXV_d9x9gdoe75Z0hfJ_22Pn5tVMR7j-uV5YCps3NB48L0bFlDeX-4PGHVT6Loztp_ru3tAy_gxDa9_YAEbz4d9CO4wD2VTKtzax9zvpGgrnJVZQfoWPkkIomUmxDtVGoH7g3fA3UjS0vdBJ2PJtgFMElso But if you turn off the stripping mechanism by adding the line shown below, then squid will log the complete url. So, this vulnerability can’t be exploited. In the default configuration, squid strips the query terms of a url before logging. Squid is the most popular proxy server used. The proxy servers in the organizations can be used to exploit this vulnerability. Now, if you are able to grab the url used to set the session variables, you can login as the user to whom that url belongs from any machine on the Internet (need not be the machine belonging to the same subnet) without entering the username and password of the user. Whenever you login to any of the Google’s online services like GMail, Orkut, Groups, Docs, Youtube, Calendar etc., you are redirected to an authentication server which authenticates against the entered username and password and redirect back to the required service (GMail, Youtube etc.) setting the session variables. There is a vulnerability in the way Google authentication service works. If you happen to come across a better proxy switcher for Firefox, do let us know □ĭecemby Kulbir Saini on Bug, Google, Hacks, Internet, News, Proxy Server, Security, Server, Squid Crack: Google Authentication Services are Vulnerable Multiproxy Switch has Firefox like No-Proxy list which rocks and understandable □ I could never understand those regular expression based no-proxy lists in FoxyProxy. Many extensions add their own fancy interfaces for specifying proxies which eventually suck big time. Easy and Firefox like interface to specify different proxies.There are several Firefox extensions available to achieve the required functionality but IMHO Multiproxy Switch( Mozilla Addon Page) is the best because Decemby Kulbir Saini on Extensions, Firefox, Linux, Proxy Server, Review, Tips - Tricks Tip: Multiproxy Switch : Easily use multiple proxies in FirefoxĪ lot of people (especially working people with mobile devices like notebook/netbooks) need to use different proxy servers at home and office.
0 Comments
Leave a Reply. |