Bugtraq: RE: Bypassing of web filters by using ASCII

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Bypassing of web filters by using ASCII

From: "James C. Slora Jr." <james.slora () phra com>
Date: Fri, 23 Jun 2006 07:55:52 -0400

Amit Klein wrote Thursday, June 22, 2006 3:47 AM

So in order to exploit this in HTML over HTTP, the attacker needs to

either add/modify the Content-Type response header, or to add/modify the
META tag in the HTML page.

There are other ways that might carry a bigger injection threat:

Style sheet:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml
/reference/properties/charset_1.asp

Object property:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml
/reference/properties/charset.asp


By extension, it should also work for inline styles.

By Date By Thread

Current thread:

Bypassing of web filters by using ASCII k . huwig (Jun 21)
- Re: Bypassing of web filters by using ASCII Fixer (Jun 21)
  - Re: Bypassing of web filters by using ASCII Paul (Jun 21)
    - Re: Bypassing of web filters by using ASCII Kurt Huwig (Jun 22)
    - Re: Bypassing of web filters by using ASCII Amit Klein (AKsecurity) (Jun 22)
    - RE: Bypassing of web filters by using ASCII James C. Slora Jr. (Jun 23)
    - RE: Bypassing of web filters by using ASCII Amit Klein (AKsecurity) (Jun 26)
    - RE: Bypassing of web filters by using ASCII RSnake (Jun 26)
    - Re: Bypassing of web filters by using ASCII Hubert Seiwert (Jun 27)
    - RE: Bypassing of web filters by using ASCII James C. Slora Jr. (Jun 26)
    - Re: Bypassing of web filters by using ASCII Thor (Hammer of God) (Jun 23)