Bugtraq mailing list archives

Re: Bypassing of web filters by using ASCII


From: "Balazs Attila-Mihaly (Cd-MaN)" <x_at_y_or_z () yahoo com>
Date: Sat, 24 Jun 2006 11:57:39 -0700 (PDT)

Tested with Mosaic 3.00 (the last publicly available), and it crashes (then again, it crashes on almost all websites).

Attila

----- Original Message ----
From: Amit Klein (AKsecurity) <aksecurity () hotpop com>
To: Vincent Archer <varcher () denyall com>
Cc: bugtraq () securityfocus com; k.huwig () iku-ag de
Sent: Friday, 23 June, 2006 6:12:13 PM
Subject: Re: Bypassing of web filters by using ASCII

On 23 Jun 2006 at 10:35, Vincent Archer wrote:

On Fri, Jun 23, 2006 at 12:08:56AM +0200, Amit Klein (AKsecurity) wrote:
So what I don't understand now is why IE's "solution" is any better than Opera/Firefox?

Why is modifying the data (msb) any better than modifying the data-description (charset)?

The same problem did exist in RFC821, which specified the data path as
being 7-bit, with the MSB set to 0. The venerable ancestor sendmail did
enforce that, by and-ing each and every byte with 0x7F, which means that
the IE solution is "slightly better", due to historical precedent.


If we're into precedences, does anyone know what Mosaic 1.0 used to do in such a case? After
all, it was probably the first widely used browser (see
http://www.livinginternet.com/w/wi_browse.htm), and it made some sense (in the early 90s)
to conform to its de-facto browser standard.

Not that it's good anyway.


Yep...

-Amit




