Re: [Full-disclosure] UTF reverse-writing WYSINWG "feature"



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I remember a guy that set up a firewall box for his wireless AP that
flipped every page that an unauthorized user accessing his AP would
get.Really great stuff!

His neighbor was stealing his internet connection and he wanted to
screw with him.

I know, a secure connection and so on, and so forth...
Just thought this was a good time to tell this story.

Regards,
Redhowlingwolves


Tonu Samuel wrote:
Hi!

Reading today http://www.digg.com/offbeat_news/WTF_is_this_Character
rang bells in my head. There is a nice utf character which just confuses
software and all display goes instead left-to-right into right-to-left.
It is difficult to exaplain but go and read original.

But by concerns are related to security. For example even looking title
of this digg.com page with Firefox or Konqueror and you see that browser
name is reversed! I looked into source code with Firefox and lot of
things are reversed too!

I was thinking about possible (ab)uses of this "feature". Let say, I
want to write some rude words into some portal but they regexp it out.
Now I have way to do it.

http://www.epl.ee/?artikkel=317582&kommentaarid=0 is random example.
"sitt" is bit rude word and they do not allow to use it inside
comments.

Another example is Delfi. This is locally huge portal and they colour
word "delfi" in comments into their trademark colours:

http://www.delfi.ee/archive/article.php?id=16722806&ndate=1187643600&categoryID=120&com=1&s=1&no=180

Why it is in this list? I think this is serious security issue when you
have to audit source code of bank and you read

if ( sum == 123 )

but actually machine understands it as

if ( sum == 321 )

I am sure people in this list can come up with more ideas. Just wanted
to warn about such "feature".

Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG06TZsrt057ENXO4RApZSAJ9mGM9BAxj9AAwMGz4ohEDSILb6PgCfTYDL
45DaSwL+MshKsgomB4G3hE4=
=pvDL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages