travisbgreen (5)
Last Login: April 21, 2020
travisbgreen's Latest (2) Contributions
Technical Analysis
Bottom line: The commonName property of the certificate that signs the “failed to connect securely” error page within Squid gets rendered as HTML on the client/victim side.
In order to successfully exploit this XSS one would need to write a malicious .pem file in the location specified by squid.conf or modify squid.conf to point to an existing malicious .pem file.
If I had root-level access to the filesystem on a squid box, serving an XSS from the error page would not be as useful as any number of other things that could be done. Similar story if you MITM the victim.