BugTraq
Bypassing of web filters by using ASCII Jun 21 2006 01:11PM
k huwig iku-ag de (4 replies)
Re: Bypassing of web filters by using ASCII Jun 22 2006 10:08PM
Amit Klein (AKsecurity) (aksecurity hotpop com)
Re: Bypassing of web filters by using ASCII Jun 22 2006 02:57PM
Hubert Seiwert (hubert westpoint ltd uk)
Re: Bypassing of web filters by using ASCII Jun 21 2006 11:57PM
RSnake (rsnake shocking com) (2 replies)
Re: Bypassing of web filters by using ASCII Jun 25 2006 03:42PM
David Huecking (d huecking gmx net)
Re: Bypassing of web filters by using ASCII Jun 22 2006 12:34AM
Kurt Huwig (k huwig iku-ag de)
Re: Bypassing of web filters by using ASCII Jun 21 2006 08:15PM
Fixer (fixer gci net) (1 replies)
Re: Bypassing of web filters by using ASCII Jun 21 2006 10:24PM
Paul (pvnick gmail com) (3 replies)
Re: Bypassing of web filters by using ASCII Jun 22 2006 07:46AM
Amit Klein (AKsecurity) (aksecurity hotpop com) (1 replies)
RE: Bypassing of web filters by using ASCII Jun 23 2006 11:55AM
James C. Slora Jr. (james slora phra com) (3 replies)
Amit Klein wrote Thursday, June 22, 2006 3:47 AM

> So in order to exploit this in HTML over HTTP, the attacker needs to
either add/modify the Content-Type response header, or to add/modify the
META tag in the HTML page.

There are other ways that might carry a bigger injection threat:

Style sheet:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml

/reference/properties/charset_1.asp

Object property:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml

/reference/properties/charset.asp

By extension, it should also work for inline styles.

[ reply ]
Re: Bypassing of web filters by using ASCII Jun 26 2006 05:56PM
Hubert Seiwert (hubert westpoint ltd uk) (1 replies)
RE: Bypassing of web filters by using ASCII Jun 26 2006 07:31PM
James C. Slora Jr. (james slora phra com)
RE: Bypassing of web filters by using ASCII Jun 23 2006 10:12PM
RSnake (rsnake shocking com)
RE: Bypassing of web filters by using ASCII Jun 23 2006 07:23PM
Amit Klein (AKsecurity) (aksecurity hotpop com)
Re: Bypassing of web filters by using ASCII Jun 22 2006 03:40AM
Thor (Hammer of God) (thor hammerofgod com)
Re: Bypassing of web filters by using ASCII Jun 21 2006 11:23PM
Kurt Huwig (k huwig iku-ag de)


 

Privacy Statement
Copyright 2010, SecurityFocus