Информационная безопасность
[RU] switch to English


Дополнительная информация

  Обход фильтрации содержимого SMTP/HTTP во многих приложениях

  [SA13869] SafeHTML Hexadecimal HTML Entities Security Bypass

  [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-
Encoding mechanism issue

  [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field whitespace issue

  [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME separator issue

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:25 марта 2002 г.
Subject:One more way to bypass NAV

Dear [email protected],

I've   updated   "Bypassing   content   filtering  software"  whitepaper
http://www.security.nnov.ru/advisories/content.asp to include new way to
bypass content filtering software. It confirmed to work with NAV and not
to work with McAffee and KAV (AVP).

Symantec      was     contected     via     [email protected]     and
[email protected] and didn't reply.

 13.Case sensitivity of Content-Type and Content-Disposition

 Most MUAs ignore case of Content-Type and Content-Disposition headres
 while content filtering software may behave in different way. It makes
 it possible to bypass content-filtering software by using header like

         CONTENT-type: text/plain;
               NAme=\"eicar.com\"

P.S. thanks to everyone on vuln-dev who participated in testing.

--
http://www.security.nnov.ru
        /\_/\
       { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                   |/
You know my name - look up my number (The Beatles)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород