Bugtraq mailing list archives
Re: Eudora executes (Java) URL
From: dominique () UNRUH DE (Dominique Unruh)
Date: Tue, 11 Aug 1998 21:09:00 +0200
[From an anti-mail-exploit-procmail-filter-perl-script (see http://www.wolfenet.com/~jhardin/procmail-security.html):]
s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;
This pattern will catch lines like
<body onload="badthings()">
[converted to <BODY DEFANGED-ONLOAD="badthings()">]
but not
<body onload="badthings()" onload="badthings()">
[converted to <BODY onload="badthings()" DEFANGED-ONLOAD="badthings()">]
So one onload=... will stay and act.

Also, things like < body ... > won't be caught. I don't know if those leading spaces are proper HTML, but even if not, one should not suppose every bad HTML to be rejected.

DniQ.
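
The behaviour described in the message above, as an added example that is not part of the original post or of the procmail filter: a Python port of the quoted Perl substitution, run over the three tag forms the message mentions, beside a hypothetical stricter variant. The names `stricter_filter` and `live_handlers` and the sample strings are constructed for this illustration.

```python
import re

# Python port of the Perl substitution quoted in the message (flags /gi).
ORIGINAL = re.compile(r'<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD', re.I)

def original_filter(html):
    return ORIGINAL.sub(r'<BODY \1 DEFANGED-ONLOAD', html)

# Hypothetical stricter variant (not from the thread): tolerate whitespace
# after "<", find the end of the tag without being fooled by ">" inside a
# quoted value, then rename every onload attribute name in the tag.
# Same scope as the original rule: the onload attribute of the body tag.
TAG = re.compile(r'''<\s*body\b((?:[^>"']|"[^"]*"|'[^']*')*)>''', re.I)
ATTR = re.compile(r'''("[^"]*"|'[^']*')|(?<![\w-])onload\b''', re.I)

def stricter_filter(html):
    def fix_tag(m):
        # Quoted values are copied through untouched; bare names are renamed.
        attrs = ATTR.sub(lambda a: a.group(1) or "DEFANGED-ONLOAD", m.group(1))
        return "<BODY" + attrs + ">"
    return TAG.sub(fix_tag, html)

def live_handlers(html):
    """Count onload attributes that were not renamed."""
    return len(re.findall(r'(?<![\w-])onload\s*=', html, re.I))

# Constructed inputs: the three forms discussed in the message.
SAMPLES = [
    '<body onload="badthings()">',
    '<body onload="badthings()" onload="badthings()">',
    '< body onload="badthings()">',
]

if __name__ == "__main__":
    for s in SAMPLES:
        for f in (original_filter, stricter_filter):
            out = f(s)
            print(f"{f.__name__:16} {live_handlers(out)} live  {out}")
```

The original pattern consumes the text up to the last ONLOAD in the tag in a single match, so the /g flag never revisits the earlier attribute.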