I have advised Bluecoat and will wait until they release a patch before giving out the details of the hack and give proper credits to the person who found this loop hole. I will also test this vulnerability on other solutions such as Webwasher.
Sunday, December 13, 2009
Bluecoat ProxySG webilter bypass vulnerability
During a Bluecoat knowledge transfer session which I was conducting, I was informed on a way to bypass Bluecoat's URL filtering technology. Apparently an employee of my client figured out a way to bypass the web filtering via Google cache by forging the parameters in the url queries.