travisbgreen (5)
travisbgreen's Contributions (2)

Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Technical Analysis

Bottom line: The commonName property of the certificate that signs the “failed to connect securely” error page within Squid gets rendered as HTML on the client/victim side.

In order to successfully exploit this XSS one would need to write a malicious .pem file in the location specified by squid.conf or modify squid.conf to point to an existing malicious .pem file.

If I had root level access to the filesystem on a squid box, serving an XSS from the error page would not be as useful as any number of other things that could be done. Similar story if you MITM the victim.

PoC @ https://github.com/JonathanWilbur/CVE-2018-19131
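The bug class the assessment describes, as an added illustration that is not part of the assessment or of the linked PoC: a certificate commonName pasted into an HTML error page unescaped, next to the escaped rendering and a small audit check a defender can run over the CNs of certificates referenced from squid.conf. The template, the placeholder `%cn` and the sample CNs are constructed for this demo and are not Squid's own error-template syntax.

```python
"""Vulnerable vs. fixed rendering of a certificate CN into an HTML error page,
plus an audit check for CNs that carry HTML metacharacters."""
import html
import re

# Constructed sample CNs. A CN is issuer-accepted free text, so it can carry
# markup; a legitimate hostname CN never needs any HTML metacharacters.
MALICIOUS_CN = '<img src=x onerror="alert(1)">'
BENIGN_CN = "proxy.example.test"

# Hypothetical error-page template with one substitution point (%cn).
# This is an assumption for the demo, not Squid's real template language.
TEMPLATE = (
    "<html><body><h1>Failed to connect securely</h1>"
    "<p>Certificate subject: %cn</p></body></html>"
)


def render_unescaped(cn: str) -> str:
    """Vulnerable rendering: the CN lands in the HTML body verbatim."""
    return TEMPLATE.replace("%cn", cn)


def render_escaped(cn: str) -> str:
    """Fixed rendering: entity-encode < > & and quotes before substitution."""
    return TEMPLATE.replace("%cn", html.escape(cn, quote=True))


_TAG_OPENER = re.compile(r"<[A-Za-z/!]")


def renders_markup(page: str, cn: str) -> bool:
    """True when the CN contains a tag opener and still appears verbatim in
    the rendered page, i.e. the browser will parse it as live markup."""
    return bool(_TAG_OPENER.search(cn)) and cn in page


def cn_is_suspicious(cn: str) -> bool:
    """Audit check: flag any CN carrying characters that only matter to an
    HTML parser. Run it over the subject CN of every cert squid.conf loads."""
    return any(ch in cn for ch in "<>\"'&")


if __name__ == "__main__":
    for cn in (BENIGN_CN, MALICIOUS_CN):
        print(f"CN={cn!r} suspicious={cn_is_suspicious(cn)}")
        print("  unescaped -> live markup:", renders_markup(render_unescaped(cn), cn))
        print("  escaped   -> live markup:", renders_markup(render_escaped(cn), cn))
```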