https://www.exploit-db.com/exploits/24105
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-641

Squid（全称SquidCache）是一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。Squidproxy的Internet访问控制处理存在问题，远程攻击者可以利用这个漏洞通过畸形URI绕过规则控制，访问受限资源。使用@@url.pt@形式可绕过Squidproxy访问控制，访问Internet。

source: http://www.securityfocus.com/bid/10315/info

Squid proxy has been reported to be affected by an Internet access control bypass vulnerability. This issue is caused by a failure of the application to properly handle access controls when evaluating malformed URI requests.

This issue is reported to affect version 2.3.STABLE5 of the software, it is likely however that other versions are also affected.

This issue would allow users that are restricted from accessing Internet-based resources to access arbitrary web sites.

http://@@website_allowed.pt@restricted_internet_resource.html

来源:XF
名称:squid-url-bypass-security(16153)
链接:http://xforce.iss.net/xforce/xfdb/16153
来源:BID
名称:10315
链接:http://www.securityfocus.com/bid/10315
来源:BUGTRAQ
名称:20040510alitlebypasswithIE
链接:http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html
来源：NSFOCUS
名称：6429
链接：http://www.nsfocus.net/vulndb/6429