关联漏洞
标题:Squid 安全漏洞 (CVE-2025-62168)Description:Squid是Squid开源的一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。 Squid 7.2之前版本存在安全漏洞,该漏洞源于错误处理中未编辑HTTP身份验证凭据,可能导致信息泄露。
Description
PoC of CVE-2025-62168
介绍
# CVE-2025-62168<br>Squid Proxy Information Disclosure in Error handling
### Scanner (Detection & PoC)
"Due to a failure to redact HTTP Authentication credentials
Squid is vulnerable to an Information Disclosure attack.
Severity:
This problem allows a script to bypass Browser security
protections and learn the credentials a trusted client uses to
authenticate.
This problem potentially allows a remote client to identify
security tokens or credentials used internally by a web
application using Squid for backend load balancing.
These attacks do not require Squid to be configured with HTTP
Authentication."
#### How to Use
```
use virtual enviroment & active
pip install -r requirements.txt
python3 main.py
```
文件快照
[4.0K] /data/pocs/0308e287d73147708acc9ea728074908210cbad3
├── [408K] Banner.jpg
├── [5.8K] main.py
├── [ 55K] PoC.png
├── [ 922] README.md
└── [ 506] requirements.txt
1 directory, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。