Bugtraq mailing list archives
Re: Bypassing of web filters by using ASCII
From: "Balazs Attila-Mihaly (Cd-MaN)" <x_at_y_or_z () yahoo com>
Date: Sat, 24 Jun 2006 11:57:39 -0700 (PDT)
Tested with Mosaic 3.00 (the last publicly available), and it crashes (then again, it crashes on almost all websites).

Attila

----- Original Message ----
From: Amit Klein (AKsecurity) <aksecurity () hotpop com>
To: Vincent Archer <varcher () denyall com>
Cc: bugtraq () securityfocus com; k.huwig () iku-ag de
Sent: Friday, 23 June, 2006 6:12:13 PM
Subject: Re: Bypassing of web filters by using ASCII

On 23 Jun 2006 at 10:35, Vincent Archer wrote:

> On Fri, Jun 23, 2006 at 12:08:56AM +0200, Amit Klein (AKsecurity) wrote:
> > So what I don't understand now is why IE's "solution" is any better than Opera/Firefox? Why is modifying the data (msb) any better than modifying the data-description (charset)?
>
> The same problem did exist in RFC821, which specified the data path as being 7-bit, with the MSB set to 0. The venerable ancestor sendmail did enforce that, by and-ing each and every byte with 0x7F, which means that the IE solution is "slightly better", due to historical precedent.

If we're into precedences, does anyone know what Mosaic 1.0 used to do in such case? After all, it was probably the first widely used browser (see http://www.livinginternet.com/w/wi_browse.htm), and it made some sense (in the early 90s) to conform to its de-facto browser standard.

> Not that it's good anyway.

Yep...

-Amit
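For filter authors, the consequence of the MSB handling discussed in this thread can be shown as a short check. This is an added example, not code from any message in the thread. The function names, the charset alias set and the script-tag pattern (standing in for a real filter rule) are assumptions. The filter scans both the raw bytes and the view a client gets after and-ing each byte with 0x7F, and flags high-bit bytes in content declared as 7-bit.

```python
import re

# Assumed alias set for "7-bit ASCII" declarations; extend as needed.
SEVEN_BIT_CHARSETS = {"us-ascii", "ascii", "ansi_x3.4-1968", "iso646-us"}
# Stand-in for whatever signature the filter really applies.
SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)


def declared_charset(content_type):
    """Extract the charset parameter from a Content-Type value, lowercased."""
    m = re.search(r'charset\s*=\s*"?([^\s;"]+)', content_type, re.IGNORECASE)
    return m.group(1).lower() if m else None


def has_high_bit(body):
    return any(b & 0x80 for b in body)


def client_views(body, charset):
    """Return every byte string a client might end up parsing."""
    views = [body]
    if charset in SEVEN_BIT_CHARSETS and has_high_bit(body):
        # MSB-stripping client: the same "& 0x7F" sendmail applied.
        views.append(bytes(b & 0x7F for b in body))
    return views


def inspect(content_type, body):
    """Return a list of findings for one HTTP response body."""
    charset = declared_charset(content_type)
    findings = []
    if charset in SEVEN_BIT_CHARSETS and has_high_bit(body):
        findings.append("high-bit bytes in declared 7-bit charset")
    if any(SCRIPT_RE.search(v) for v in client_views(body, charset)):
        findings.append("script tag in at least one client view")
    return findings


# Constructed sample: a harmless tag with the MSB set on every byte.
SAMPLE = b"<p>hi</p>" + bytes(b | 0x80 for b in b"<script>x()</script>")

if __name__ == "__main__":
    print("raw scan hit:", bool(SCRIPT_RE.search(SAMPLE)))
    print(inspect("text/html; charset=us-ascii", SAMPLE))
```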