Vulnerability Development mailing list archives
One more way to bypass NAV
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 22 Mar 2002 13:24:42 +0300
Dear BUGTRAQ () SECURITYFOCUS COM, I've updated "Bypassing content filtering software" whitepaper http://www.security.nnov.ru/advisories/content.asp to include new way to bypass content filtering software. It confirmed to work with NAV and not to work with McAffee and KAV (AVP). Symantec was contected via support () symantec com and symsecurity () symantec com and didn't reply. 13.Case sensitivity of Content-Type and Content-Disposition Most MUAs ignore case of Content-Type and Content-Disposition headres while content filtering software may behave in different way. It makes it possible to bypass content-filtering software by using header like CONTENT-type: text/plain; NAme=\"eicar.com\" P.S. thanks to everyone on vuln-dev who participated in testing. -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)
Current thread:
- One more way to bypass NAV 3APA3A (Mar 22)