|
Bugtraq
mailing list archives
Re: Bypassing of web filters by using ASCII
From: Kurt Huwig <k.huwig () iku-ag de>
Date: Thu, 22 Jun 2006 02:34:37 +0200
RSnake schrieb:
Jeremiah Grossman and I were able to get a proof of concept
working based off of Kurt's work that actually runs a simple piece of
JavaScript in IE, without using open or close angle brackets. Here's
the link to the post:
http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/
I concur that it would be very likely that this would pass
through almost all the content filters known to date, although the
liklihood of exploit is fairly low for any given websites, given the
encoding needed (US-ASCII). This is more relevant to perhaps injecting
JavaScript from remote locations by which you have control and bypassing
AV or content filtering products that otherwise would restrict malicious
JavaScript.
I was able to get your example working on a normal HTTP server by adding
this to the <head>er:
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
Demo page is here:
http://www.iku-ag.de/ascii.cgi.htm
--
Kurt Huwig iKu Systemhaus AG http://www.iku-ag.de/
Vorstand Am Römerkastell 4 Telefon 0681/96751-0
66121 Saarbrücken Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
Attachment:
signature.asc
Description: OpenPGP digital signature
 By Date 
By Thread
Current thread:
Re: Bypassing of web filters by using ASCII RSnake (Jun 22)
Re: Bypassing of web filters by using ASCII Hubert Seiwert (Jun 22)
Re: Bypassing of web filters by using ASCII Amit Klein (AKsecurity) (Jun 22)
| 
Intro
