Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Bypassing of web filters by using ASCII
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Fri, 23 Jun 2006 17:12:13 +0200
On 23 Jun 2006 at 10:35, Vincent Archer wrote:


On Fri, Jun 23, 2006 at 12:08:56AM +0200, Amit Klein (AKsecurity) wrote:

So what I don't understand now is why IE's "solution" is any better than Opera/Firefox?

Why is modifying the data (msb) any better than modifying the data-description (charset)?


The same problem did exist in RFC821, which specified the data path as
being 7-bit, with the MSB set to 0. The venerable ancestor sendmail did
enforce that, by and-ing each and every byte with 0x7F, which means that
the IE solution is "slightly better", due to historical precedent.



If we're into precedences, does anyone know what Mosaic 1.0 used to do in such case? after 
all, it was probably the first widely used browser (see 
http://www.livinginternet.com/w/wi_browse.htm), and it made some sense (in the early 90s) 
to conform to its de-facto browser standard.


Not that it's good anyway.



Yep...

-Amit

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]