Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

One more way to bypass NAV
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 22 Mar 2002 13:24:42 +0300
Dear BUGTRAQ () SECURITYFOCUS COM,

I've   updated   "Bypassing   content   filtering  software"  whitepaper
http://www.security.nnov.ru/advisories/content.asp to include new way to
bypass content filtering software. It confirmed to work with NAV and not
to work with McAffee and KAV (AVP).

Symantec      was     contected     via     support () symantec com     and
symsecurity () symantec com and didn't reply.

  13.Case sensitivity of Content-Type and Content-Disposition

  Most MUAs ignore case of Content-Type and Content-Disposition headres
  while content filtering software may behave in different way. It makes
  it possible to bypass content-filtering software by using header like

          CONTENT-type: text/plain;
                NAme=\"eicar.com\"

P.S. thanks to everyone on vuln-dev who participated in testing.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)

  By Date           By Thread  

Current thread:
  • One more way to bypass NAV 3APA3A (Mar 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]