Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-62168 PoC — Squid 安全漏洞

Source
https://github.com/shahroodcert/CVE-2025-62168
Associated Vulnerability
Title:Squid 安全漏洞 (CVE-2025-62168)
Description:Squid是Squid开源的一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。 Squid 7.2之前版本存在安全漏洞,该漏洞源于错误处理中未编辑HTTP身份验证凭据,可能导致信息泄露。
Description
PoC of CVE-2025-62168
Readme
  # CVE-2025-62168<br>Squid Proxy Information Disclosure in Error handling

### Scanner (Detection & PoC)

![](https://github.com/monzaviman/CVE-2025-62168/blob/main/Banner.jpg)

"Due to a failure to redact HTTP Authentication credentials
Squid is vulnerable to an Information Disclosure attack.
Severity:

This problem allows a script to bypass Browser security
protections and learn the credentials a trusted client uses to
authenticate.

This problem potentially allows a remote client to identify
security tokens or credentials used internally by a web
application using Squid for backend load balancing.

These attacks do not require Squid to be configured with HTTP
Authentication."

#### How to Use
```
use virtual enviroment & active
pip install -r requirements.txt

python3 main.py
```
![](https://github.com/monzaviman/CVE-2025-62168/blob/main/PoC.png)
File Snapshot

 [4.0K]  /data/pocs/49e602f0c458c27bb5fa8506778c5977d681a04b
├── [408K]  Banner.jpg
├── [5.9K]  main.py
├── [ 55K]  PoC.png
├── [ 879]  README.md
└── [ 506]  requirements.txt

1 directory, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.