From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: Fri Mar 22 2002 - 04:24:42 CST

    Dear BUGTRAQ@SECURITYFOCUS.COM,

    I've updated the "Bypassing content filtering software" whitepaper
    http://www.security.nnov.ru/advisories/content.asp to include a new way to
    bypass content filtering software. It is confirmed to work with NAV and not
    to work with McAfee and KAV (AVP).

    Symantec was contacted via support@symantec.com and
    symsecurity@symantec.com and didn't reply.

      13. Case sensitivity of Content-Type and Content-Disposition

      Most MUAs ignore the case of Content-Type and Content-Disposition headers
      while content filtering software may behave in a different way. It makes
      it possible to bypass content-filtering software by using a header like

              CONTENT-type: text/plain;
                    NAme="eicar.com"

    P.S. thanks to everyone on vuln-dev who participated in testing.

    -- 
    http://www.security.nnov.ru
             /\_/\
            { , . }     |\
    +--oQQo->{ ^ }<-----+ \
    |  ZARAZA  U  3APA3A   }
    +-------------o66o--+ /
                        |/
    You know my name - look up my number (The Beatles)
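
For filter authors, the mismatch described in item 13 can be reproduced and closed as follows. This is an added example, not part of the original post or the whitepaper: `naive_attachment_name`, `robust_attachment_name`, `is_blocked` and the extension list are hypothetical names, and the sample message is constructed around the header quoted above.

```python
import re
from email import message_from_string

BLOCKED_EXT = (".com", ".exe", ".scr", ".pif", ".bat")  # assumed policy list

# Constructed sample: the header form quoted in the post, in a minimal message.
MIXED_CASE = (
    "From: a@example.org\r\n"
    "Subject: test\r\n"
    "CONTENT-type: text/plain;\r\n"
    "\tNAme=\"eicar.com\"\r\n"
    "\r\n"
    "body\r\n"
)
CANONICAL = MIXED_CASE.replace("CONTENT-type", "Content-Type").replace("NAme", "name")


def naive_attachment_name(raw):
    """Exact-case matching: the filter behaviour the post says can be bypassed."""
    headers = raw.split("\r\n\r\n", 1)[0]
    unfolded = re.sub(r"\r\n[ \t]+", " ", headers)  # join folded header lines
    for line in unfolded.split("\r\n"):
        if line.startswith(("Content-Type:", "Content-Disposition:")):
            m = re.search(r'\b(?:file)?name="?([^";]+)', line)
            if m:
                return m.group(1)
    return None


def robust_attachment_name(raw):
    """Header and parameter names compared case-insensitively, as MUAs do."""
    msg = message_from_string(raw)
    for part in msg.walk():
        # get_filename() checks Content-Disposition filename=, then Content-Type name=
        name = part.get_filename()
        if name:
            return name
    return None


def is_blocked(name):
    """Apply the extension policy to whatever name the parser recovered."""
    return bool(name) and name.lower().endswith(BLOCKED_EXT)


if __name__ == "__main__":
    for label, raw in (("canonical", CANONICAL), ("mixed case", MIXED_CASE)):
        print(label, naive_attachment_name(raw), robust_attachment_name(raw))
```

The filter decision should be made on the name the recipient's MUA will see, so any parser used for filtering has to normalise case at least as liberally as the mail clients it protects.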