Bugtraq: Bypassing javascript filters - problem N3.

From: Alexander K. Yezhov <admin_at_leader.ru>
Date: Mon, 1 Apr 2002 23:37:49 +0400

Hello bugtraq,

  Title: Bypassing JavaScript filters
  Service: Anonymizer, maybe similar services

  Description:

  Anonymizer offers free and commercial services that allow users to
  browse the web safely. Since JavaScript can be dangerous, all script
  blocks and events are cut from the HTML.

  Problem N3:

  Maybe you remember the problem I reported in 2001 - JavaScript
  code could be executed after Anonymizer parsed the HTML. The
  same principle of "JavaScript inside JavaScript" recently gave me a
  working example of redirecting Anonymizer users.

  Demo is available as Test N3 at
  http://anon.free.anonymizer.com/http://tools-on.net/you.shtml

  The part of the code before parsing:

  onLoad="onLoad="document.cookie='rw=; expires=Thu, 01-Jan-1970
  onLoad="location='unprotected_location';"

  The same code after parsing:

  onLoad="location='unprotected_location';"
  
  Errors generated for visitors without Anonymizer are suppressed by
  a window.onError handler.

  Problem status:
  
  Anonymizer has been contacted and patched already.

Best regards, Alexander

-----------------------------------------------------------------------
         MCP+I, MCSE on Windows NT 4, MCSE on Windows 2000
  http://leader.ru http://tools-on.net (Security & Privacy on the Net)
-----------------------------------------------------------------------
Received on Apr 01 2002
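
The failure mode described in this post, as an added example that is not part of the original message and is not Anonymizer's code: a hypothetical single-pass regex filter (`naive_strip`) leaves a live `onLoad` handler behind on a constructed input, while `rebuild`, which parses the markup and re-serialises it without `<script>` blocks or `on*` attributes, does not. All names and the sample input are assumptions made for illustration, and the rebuild covers only the two things the post says were cut (script blocks and event handlers).

```python
import re
from html import escape
from html.parser import HTMLParser

# Hypothetical single-pass filter (assumed; the post does not show Anonymizer's code).
HANDLER = re.compile(r'\son\w+="[^"]*"', re.IGNORECASE)

def naive_strip(html):
    """Delete each on<event>="..." attribute found in one left-to-right pass."""
    return HANDLER.sub("", html)

class Rebuilder(HTMLParser):
    """Re-serialise parsed HTML without <script> blocks or on* attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.in_script, self.dropped = [], 0, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script += 1
        if self.in_script:
            return
        keep = []
        for name, value in attrs:              # names arrive lower-cased
            if name.startswith("on"):
                self.dropped.append(name)      # event handler: never re-emitted
            elif re.fullmatch(r"[a-z][a-z0-9-]*", name):
                keep.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(keep)}>")

    handle_startendtag = handle_starttag       # <br/> is emitted as <br>

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = max(0, self.in_script - 1)
        elif not self.in_script:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))

def rebuild(html):
    """Return (clean_html, names_of_handlers_removed)."""
    p = Rebuilder()
    p.feed(html)
    p.close()
    return "".join(p.out), p.dropped

# Constructed input: deleting the inner attribute splices "o" + "nLoad" together.
SAMPLE = '''<body o onLoad="x"nLoad="location='unprotected_location';">hi</body>'''
```

A filter whose output changes when it is run a second time, as `naive_strip` does on `SAMPLE`, is a useful regression signal that text removal is creating new markup.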
