Re: "Strip Script Tags" in FW-1 can be circumvented

From: Jonah Kowall (jkowallat_private)
Date: Mon Jan 31 2000 - 11:28:29 PST


    I don't consider this a bug in FW-1, but a bug in the products
    Navigator and Internet Explorer.  These tags shouldn't be parsed, because
    they are malformed.  The firewall is stripping tags properly, but since
    these tags are malformed you can't expect the firewall to be able to
    recognize them as valid tags.
    
    
    -----Original Message-----
    From: Arne Vidstrom [mailto:arne.vidstromat_private]
    Sent: Saturday, January 29, 2000 8:52 AM
    To: BUGTRAQat_private
    Subject: "Strip Script Tags" in FW-1 can be circumvented
    
    
    Hi all,
    
    The "Strip Script Tags" in FW-1 can be circumvented by adding an extra <
    before the <SCRIPT> tag like in this code:
    
    <HTML>
    <HEAD>
    <<SCRIPT LANGUAGE="JavaScript">
    alert("hello world")
    </SCRIPT>
    </HEAD>
    <BODY>
    test
    </BODY>
    </HTML>
    
    This code will pass unchanged, and still execute in both Navigator and
    Explorer. I tried this on version 3.0 of FW-1 (on Windows NT 4.0) but I'm
    not able to check it on version 4.0 since I don't have access to it.
    
    
    /Arne Vidstrom
    
    http://ntsecurity.nu
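
The disagreement discussed in this thread, as an added example that is not part of either message and is not FW-1's code: a strict tag matcher and a tolerant, browser-like tokeniser are run over the posted HTML, and the tags the strict one never sees are reported. `strict_open_tags` is a hypothetical model of a strict filter, and Python's `html.parser` stands in for the browsers' lenient parsing.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the HTML from the original post.
SAMPLE = """<HTML>
<HEAD>
<<SCRIPT LANGUAGE="JavaScript">
alert("hello world")
</SCRIPT>
</HEAD>
<BODY>
test
</BODY>
</HTML>
"""

# Hypothetical strict matcher (an assumption, not FW-1's real logic): a tag
# runs from '<' to the next '>', and its name is the first token inside.
TAG = re.compile(r"<([^>]*)>")

def strict_open_tags(html):
    names = []
    for m in TAG.finditer(html):
        body = m.group(1).strip()
        if body and not body.startswith("/"):
            names.append(body.split()[0].lower())
    return names

class _LenientScan(HTMLParser):
    """Tolerant tokeniser: a '<' not followed by a letter is plain text."""
    def __init__(self):
        super().__init__()
        self.open_tags = []
    def handle_starttag(self, tag, attrs):
        self.open_tags.append(tag)

def lenient_open_tags(html):
    scan = _LenientScan()
    scan.feed(html)
    scan.close()
    return scan.open_tags

def missed_by_strict(html):
    """Tags a tolerant parser opens that the strict matcher never saw."""
    seen = set(strict_open_tags(html))
    return [t for t in lenient_open_tags(html) if t not in seen]

if __name__ == "__main__":
    print(strict_open_tags(SAMPLE), lenient_open_tags(SAMPLE), missed_by_strict(SAMPLE))
```

A non-empty result from `missed_by_strict` means the filter and the client disagree about where a tag starts, which is the condition a content filter should fail closed on.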
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:35 PDT