[VulnWatch] Re: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue

From: http-equiv@excite.com
Date: 03/08/03

  • Next message: saleh@surat.scan-associates.net: "[VulnWatch] Postnuke v 0.723 SQL injection and directory traversing"
    To: <vulnwatch@vulnwatch.org>
    Date: Sat, 8 Mar 2003 19:43:23 -0000
    From: "http-equiv@excite.com" <http-equiv@malware.com>
    
    

    <!--

    Step 2: Now create a text file that will be used to hold the MIME
    encoded attachment. Start notepad (or another text editor), and paste
    in:

         MIME-Version: 1.0
         Content-Location:file:///executable.exe
         Content-Transfer-Encoding: base64

         TVp0AQIAAAAgAAgA//8YAIAAAAAQAAIAHgAAAAEAAAAAA
         AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
     -->

    That's a very interesting situation with content filters and anti-
    virus filters. How many others are affected one must wonder.

    Try the following as well, nothing more than pure binary:

    http://www.malware.com/bin.exe.zip

    MIME-Version: 1.0
    Content-Location:file://foo.exe
    Content-Transfer-Encoding: binary

    MZD  ! u  >  0jr y

                                                 

    Lot more where that came from.

    End Call

    -- 
    http://www.malware.com
    

  • Next message: saleh@surat.scan-associates.net: "[VulnWatch] Postnuke v 0.723 SQL injection and directory traversing"

    Relevant Pages