Re: "Strip Script Tags" in FW-1 can be circumvented
From: sporty () SPORTY ORG (sporty o'one)
Date: Tue, 1 Feb 2000 13:00:09 +0000

Considering how loosely typed the language is, and how much error correction
is needed in html browsers, it is more of a firewall problem. Using a
string dtd for html for most people would fail miserably right off the
Besides, parsing for <.?*> recursively isn't the most intensive task in
world. Proof: any web browser does it...

On Mon, 31 Jan 2000, Jonah Kowall wrote:
I don't consider this a bug in FW-1, but a bug in the products
Navigator and Internet Explorer. These tags shouldn't be parsed, because
they are malformed. The firewall is stripping tags properly, but since
these tags are malformed you can't expect the firewall to be able to
recognize them as valid tags.

From: Arne Vidstrom [mailto:arne.vidstrom () NTSECURITY NU]
Sent: Saturday, January 29, 2000 8:52 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: "Strip Script Tags" in FW-1 can be circumvented

The "Strip Script Tags" in FW-1 can be circumvented by adding an extra <
before the <SCRIPT> tag like in this code:
This code will pass unchanged, and still execute in both Navigator and
Explorer. I tried this on version 3.0 of FW-1 (on Windows NT 4.0) but I'm
not able to check it on version 4.0 since I don't have access to it.
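
The mismatch argued over in this thread, as an added example that is not part of the original posts: a hypothetical filter that only recognises well-formed tags (a model, not FW-1's actual implementation) next to one that escapes any `<` a lenient browser could read as starting a script tag. The sample inputs are constructed; the code from the original post is not reproduced on this page.

```python
import re

# Constructed samples: a well-formed tag, and the malformed form described
# in the thread (an extra '<' in front of the <SCRIPT> tag).
WELL_FORMED = "<SCRIPT>/* constructed */</SCRIPT>"
MALFORMED = '<<SCRIPT LANGUAGE="JavaScript">/* constructed */</SCRIPT>'

# Hypothetical strict filter: split input into "<...>" tokens and compare
# each token's parsed name with "script".
TAG = re.compile(r"<([^>]*)>")

def _tag_name(inner: str) -> str:
    parts = inner.strip().lstrip("/").split()
    return parts[0].lower() if parts else ""

def strict_strip(html: str) -> str:
    """Neutralise only tokens whose parsed tag name is exactly 'script'."""
    def repl(m: re.Match) -> str:
        if _tag_name(m.group(1)) == "script":
            return "&lt;" + m.group(1) + "&gt;"
        return m.group(0)  # anything else passes unchanged
    return TAG.sub(repl, html)

# Tolerant filter: escape every '<' that is followed by an optional '/' and
# the word "script", regardless of what precedes it. Over-matching only
# turns a literal '<' into its entity, which renders the same as text.
LENIENT = re.compile(r"<(?=\s*/?\s*script\b)", re.IGNORECASE)

def tolerant_strip(html: str) -> str:
    return LENIENT.sub("&lt;", html)

def script_tag_survives(html: str) -> bool:
    """True if an unescaped '<script' or '</script' is still present."""
    return re.search(r"<\s*/?\s*script\b", html, re.IGNORECASE) is not None

if __name__ == "__main__":
    for name, sample in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        for f in (strict_strip, tolerant_strip):
            out = f(sample)
            print(f"{name:11} {f.__name__:14} survives={script_tag_survives(out)}  {out}")
```

The tolerant version covers only the malformation discussed here; it is not a general HTML sanitizer.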