Re: Bypassing of web filters by using ASCII



RSnake schrieb:

Jeremiah Grossman and I were able to get a proof of concept
working based off of Kurt's work that actually runs a simple piece of
JavaScript in IE, without using open or close angle brackets. Here's
the link to the post:

http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/

I concur that it would be very likely that this would pass
through almost all the content filters known to date, although the
liklihood of exploit is fairly low for any given websites, given the
encoding needed (US-ASCII). This is more relevant to perhaps injecting
JavaScript from remote locations by which you have control and bypassing
AV or content filtering products that otherwise would restrict malicious
JavaScript.

I was able to get your example working on a normal HTTP server by adding
this to the <head>er:

<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />

Demo page is here:

http://www.iku-ag.de/ascii.cgi.htm
--
Kurt Huwig iKu Systemhaus AG http://www.iku-ag.de/
Vorstand Am Römerkastell 4 Telefon 0681/96751-0
66121 Saarbrücken Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468

Attachment: signature.asc
Description: OpenPGP digital signature