Re: Eudora executes (Java) URL

From: Dominique Unruh (dominiqueat_private)
Date: Tue Aug 11 1998 - 12:09:00 PDT

Next message: Chip Salzenberg: "Re: Sendmail up to 8.9.1 - mail.local instroduces new class of"

Previous message: Aleph One: "New PPTP Sniifer/Active Attack"
Maybe in reply to: Stout, Bill: "Eudora executes (Java) URL"
Next in thread: John D. Hardin: "Re: Eudora executes (Java) URL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[From an anti-mail-exploit-procmail-filter-perl-script (see
http://www.wolfenet.com/~jhardin/procmail-security.html):]
>  s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;

This Pattern will catch lines like
        <body onload="badthings()">
converted to
        <BODY DEFANGED-ONLOAD="badthings()">
but not
        <body onload="badthings()" onload="badthings()">
converted to
        <BODY onload="badthings()"  DEFANGED-ONLOAD="badthings()">]
So one onload=... will stay and act.

Also things like < body ... > wont be catched. I dont know if those are
leading spaces are proper HTML, but even if not, one should not suppose
every bad HTML to be rejected.

DniQ.

Next message: Chip Salzenberg: "Re: Sendmail up to 8.9.1 - mail.local instroduces new class of"
Previous message: Aleph One: "New PPTP Sniifer/Active Attack"
Maybe in reply to: Stout, Bill: "Eudora executes (Java) URL"
Next in thread: John D. Hardin: "Re: Eudora executes (Java) URL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:57 PDT