Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0189. PoCs published by Mitch Adair.
AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in Squid Proxy versions 2.0 to 2.5 STABLE4. By injecting a '%00' null byte into the username portion of a URI, an attacker can bypass access controls and gain unauthorized access to resources.
Description
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Exploits (1)
The exploit describes an authentication bypass vulnerability in Squid Proxy versions 2.0 to 2.5 STABLE4. By injecting a '%00' null byte into the username portion of a URI, an attacker can bypass access controls and gain unauthorized access to resources.