CVE-1999-0710

Red Hat Linux 5.2 and 6.0 - Server-Side Request Forgery via Squid cachemgr.cgi

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0710. PoCs published by fsaa.

AI-analyzed exploit summary This script exploits a misconfiguration in Squid's cachemgr.cgi to perform port scanning via SSRF. It iterates through ports on a target host, using the vulnerable CGI script as a proxy to test connectivity.

Description

The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fsaa · bashremotecgi

https://www.exploit-db.com/exploits/20465

View Code ZIP pw:eip

This script exploits a misconfiguration in Squid's cachemgr.cgi to perform port scanning via SSRF. It iterates through ports on a target host, using the vulnerable CGI script as a proxy to test connectivity.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: Squid proxy (cachemgr.cgi)

No auth needed

Prerequisites: Squid proxy with cachemgr.cgi exposed · Lynx installed on attacker's machine

MITRE ATT&CK