Re: Bypassing of web filters by using ASCII

[Kurt Huwig <k.huwig () iku-ag de>]

RSnake schrieb:
>     Jeremiah Grossman and I were able to get a proof of concept
> working based off of Kurt's work that actually runs a simple piece of
> JavaScript in IE, without using open or close angle brackets.  Here's
> the link to the post:
>
> http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2/
>
>     I concur that it would be very likely that this would pass
> through almost all the content filters known to date, although the
> liklihood of exploit is fairly low for any given websites, given the
> encoding needed (US-ASCII).  This is more relevant to perhaps injecting
> JavaScript from remote locations by which you have control and bypassing
> AV or content filtering products that otherwise would restrict malicious
> JavaScript.

I was able to get your example working on a normal HTTP server by adding
this to the <head>er:

<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />

Demo page is here:

http://www.iku-ag.de/ascii.cgi.htm
-- 
Kurt Huwig             iKu Systemhaus AG        http://www.iku-ag.de/
Vorstand               Am Römerkastell 4        Telefon 0681/96751-0
                       66121 Saarbrücken        Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940  EB6D 4C32 F908 99DD 9468

Attachment: signature.asc
Description: OpenPGP digital signature