| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4499E59D.3040003@iku-ag.de>
Date: Thu, 22 Jun 2006 02:34:37 +0200
From: Kurt Huwig <k.huwig@...-ag.de>
To: RSnake <rsnake@...cking.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Bypassing of web filters by using ASCII
RSnake schrieb:
>
> Jeremiah Grossman and I were able to get a proof of concept
> working based off of Kurt's work that actually runs a simple piece of
> JavaScript in IE, without using open or close angle brackets. Here's
> the link to the post:
>
> http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/
>
> I concur that it would be very likely that this would pass
> through almost all the content filters known to date, although the
> liklihood of exploit is fairly low for any given websites, given the
> encoding needed (US-ASCII). This is more relevant to perhaps injecting
> JavaScript from remote locations by which you have control and bypassing
> AV or content filtering products that otherwise would restrict malicious
> JavaScript.
I was able to get your example working on a normal HTTP server by adding
this to the <head>er:
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
Demo page is here:
http://www.iku-ag.de/ascii.cgi.htm
--
Kurt Huwig iKu Systemhaus AG http://www.iku-ag.de/
Vorstand Am Römerkastell 4 Telefon 0681/96751-0
66121 Saarbrücken Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
Download attachment "signature.asc" of type "application/pgp-signature" (255 bytes)
Powered by blists - more mailing lists