lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200303060223.VAA13658@Sparkle.Rodents.Montreal.QC.CA>
Date: Wed, 5 Mar 2003 21:14:38 -0500 (EST)
From: der Mouse <mouse@...ents.Montreal.QC.CA>
To: bugtraq@...urityfocus.com
Subject: Re: 3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet


>> C:\>telnet www.blockedsite.com 80
>> GET / HTTP/1.1
>> Host: www.blockedsite.com

>> Given the nature of Telnet, the request is sent to the server one
>> character at a time;
> Actually, in these situations, telnet works line-based.

In those situations (where character-at-a-time has not been negotiated
on), telnet is _supposed_ to work line-based.

Unfortunately - see that "C:\>"? - most wintel telnets were written by
people who either didn't understand the standard or were incompetent to
follow it (or perhaps just couldn't be bothered? I dunno) and use
character-at-a-time mode even when it hasn't been negotiated on.

> That's also why backspace works (modulo matching terminal emulator
> and stty settings).

In wintel telnets, backspace often _doesn't_ work, because of exactly
that, though it may look like it when typing because the echo of the
0x08 octet (whichever end generates the echo) makes the cursor move
leftwards....

I know all this because I am server code wiz for a mud, and I've hacked
in kludges to work around some of the most egregious problems I've seen
in various telnets.  (All the problematic telnets have come from an
infamous company based in Redmond, oddly enough.)  Mercifully, one of
the other people who uses that mud (a) muds from Windows and (b) is
technically clued, an odd combination but one that's useful when
testing such things.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@...ents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ