OSEC

Re: Bypassing of web filters by using ASCII

From: Kurt Huwig (k.huwigiku-ag.de)
Date: Wed Jun 21 2006 - 19:34:37 CDT


RSnake schrieb:
>
> Jeremiah Grossman and I were able to get a proof of concept
> working based off of Kurt's work that actually runs a simple piece of
> JavaScript in IE, without using open or close angle brackets. Here's
> the link to the post:
>
> http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/
>
> I concur that it would be very likely that this would pass
> through almost all the content filters known to date, although the
> likelihood of exploit is fairly low for any given website, given the
> encoding needed (US-ASCII). This is more relevant to perhaps injecting
> JavaScript from remote locations by which you have control and bypassing
> AV or content filtering products that otherwise would restrict malicious
> JavaScript.

I was able to get your example working on a normal HTTP server by adding
this to the <head>er:

<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />

Demo page is here:

http://www.iku-ag.de/ascii.cgi.htm
--
Kurt Huwig iKu Systemhaus AG http://www.iku-ag.de/
Vorstand Am Römerkastell 4 Telefon 0681/96751-0
                       66121 Saarbrücken Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
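The thread above turns on one behaviour: when a page is served (or meta-declared) as US-ASCII, a lenient decoder keeps only the low seven bits of every byte, so a byte such as 0xBC is rendered as 0x3C, a literal `<`, and a filter that only looks for real angle brackets sees none. The following is an added example, not code from this thread or from iKu or ha.ckers.org, of the check a content filter or response scanner would want: canonicalize the body under that 7-bit assumption before matching, and flag any high-bit byte that would alias to an HTML metacharacter. The `assess` function, the sample bytes and the decision rules are my own constructions; the 7-bit-masking model of the decoder is an assumption stated in the comments.

```python
"""Detect 7-bit aliases of HTML metacharacters in content that may be
rendered as US-ASCII.  Added example; not part of the original thread."""

# HTML-significant characters whose 7-bit code could be reached from a
# high-bit byte (e.g. 0xBC & 0x7F == 0x3C == '<').
SUSPECT = {0x3C: "<", 0x3E: ">", 0x22: '"', 0x27: "'", 0x3D: "=", 0x2F: "/"}


def canonicalize_us_ascii(data: bytes) -> bytes:
    """Model of a lenient US-ASCII decoder (assumption: it keeps only the
    low 7 bits of each byte).  Run filters on this, not on the raw bytes."""
    return bytes(b & 0x7F for b in data)


def find_high_bit_aliases(data: bytes):
    """Return (offset, raw_byte, aliased_char) for every byte >= 0x80 whose
    low 7 bits form an HTML-significant character."""
    hits = []
    for offset, b in enumerate(data):
        if b >= 0x80 and (b & 0x7F) in SUSPECT:
            hits.append((offset, b, SUSPECT[b & 0x7F]))
    return hits


def naive_filter_passes(data: bytes) -> bool:
    """The kind of check the thread says is bypassed: only real '<' / '>'."""
    return b"<" not in data and b">" not in data


def charset_is_us_ascii(content_type: str) -> bool:
    """True when the declared charset (HTTP header or <meta http-equiv>)
    is US-ASCII, the condition under which the aliasing matters."""
    return "charset=us-ascii" in content_type.lower().replace(" ", "")


def assess(content_type: str, body: bytes) -> dict:
    """Combine the declared charset with the canonicalized body.

    - 'aliases'       : high-bit bytes that become metacharacters under 7-bit
    - 'tag_after_7bit': a <...> pair appears once canonicalized
    - 'risky'         : served as US-ASCII (or no charset at all) AND aliases
                        are present; an explicit non-ASCII charset (e.g.
                        UTF-8) takes the lenient decoder out of the picture.
    """
    canon = canonicalize_us_ascii(body)
    aliases = find_high_bit_aliases(body)
    no_charset = "charset=" not in content_type.lower()
    return {
        "naive_filter_passes": naive_filter_passes(body),
        "aliases": aliases,
        "tag_after_7bit": b"<" in canon and b">" in canon,
        "risky": bool(aliases) and (charset_is_us_ascii(content_type) or no_charset),
    }


# Constructed sample: no real angle brackets, but 0xBC/0xBE alias to '<'/'>'
# once the high bit is dropped.
SAMPLE_ALIASED = b"\xbcscript\xbealert(1)\xbc/script\xbe"

# Constructed benign sample: UTF-8 text with a non-ASCII letter.  Its bytes
# (0xC3 0xB6) mask to 'C' and '6', so nothing HTML-significant emerges.
SAMPLE_BENIGN = "Römerkastell".encode("utf-8")

if __name__ == "__main__":
    for ct, body in [
        ("text/html; charset=US-ASCII", SAMPLE_ALIASED),
        ("text/html; charset=UTF-8", SAMPLE_ALIASED),
        ("text/html; charset=UTF-8", SAMPLE_BENIGN),
    ]:
        print(ct, assess(ct, body))
```

The useful output is the gap between `naive_filter_passes` and `tag_after_7bit`: for the aliased sample the bracket-only filter reports clean while the canonicalized body is a complete script element. The `risky` flag also shows the mitigation side of the meta-tag trick in the post: pinning an explicit, sane charset (`charset=UTF-8`) in the HTTP `Content-Type` header, rather than leaving it unset or letting page content declare US-ASCII, removes the decoder behaviour the bypass depends on.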