Thread-topic: Bypassing of web filters by using ASCII
;-)
> -----Original Message-----
> From: Kurt Huwig [mailto:k.huwig@xxxxxxxxx]
> Sent: Thursday, June 22, 2006 4:35 AM
> To: RSnake
> Cc: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: Bypassing of web filters by using ASCII
>
> RSnake schrieb:
> >
> > Jeremiah Grossman and I were able to get a proof of concept
> > working based off of Kurt's work that actually runs a
> simple piece of
> > JavaScript in IE, without using open or close angle
> brackets. Here's
> > the link to the post:
> >
> >
> >
> > I concur that it would be very likely that this would pass
> > through almost all the content filters known to date, although the
> > liklihood of exploit is fairly low for any given websites, given the
> > encoding needed (US-ASCII). This is more relevant to
> perhaps injecting
> > JavaScript from remote locations by which you have control
> and bypassing
> > AV or content filtering products that otherwise would
> restrict malicious
> > JavaScript.
>
> I was able to get your example working on a normal HTTP
> server by adding
> this to the <head>er:
>
> <meta http-equiv="Content-Type" content="text/html;
> charset=US-ASCII" />
>
> Demo page is here:
>
>
> --
> Kurt Huwig iKu Systemhaus AG
> Vorstand Am R?merkastell 4 Telefon 0681/96751-0
> 66121 Saarbr?cken Telefax 0681/96751-66
> GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908
> 99DD 9468
>
>
