Home page logo
/

bugtraq logo Bugtraq mailing list archives

One more way to bypass NAV
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 22 Mar 2002 13:24:42 +0300

Dear BUGTRAQ () SECURITYFOCUS COM,

I've   updated   "Bypassing   content   filtering  software"  whitepaper
http://www.security.nnov.ru/advisories/content.asp to include new way to
bypass content filtering software. It confirmed to work with NAV and not
to work with McAffee and KAV (AVP).

Symantec      was     contected     via     support () symantec com     and
symsecurity () symantec com and didn't reply.

  13.Case sensitivity of Content-Type and Content-Disposition

  Most MUAs ignore case of Content-Type and Content-Disposition headres
  while content filtering software may behave in different way. It makes
  it possible to bypass content-filtering software by using header like

          CONTENT-type: text/plain;
                NAme=\"eicar.com\"

P.S. thanks to everyone on vuln-dev who participated in testing.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)


  By Date           By Thread  

Current thread:
  • One more way to bypass NAV 3APA3A (Mar 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]