Re: "Strip Script Tags" in FW-1 can be circumvented

From: Jonah Kowall (jkowallat_private)
Date: Wed Feb 02 2000 - 07:08:37 PST


    Okay, I have gotten 100x of these messages... all I have to say is that
    there are 1000 possibilities for malforming HTML tags in some sense, and
    what you consider valid HTML must also be explored.  This isn't an issue in
    Firewall 1 4.0 SP5.  It apparently has been fixed sometime between the
    4.5-year-old version he was using and the current release.
    
    
    -----Original Message-----
    From: arkat_private [mailto:arkat_private]
    Sent: Wednesday, February 02, 2000 5:56 AM
    To: jkowallat_private
    Cc: BUGTRAQat_private
    Subject: Re: "Strip Script Tags" in FW-1 can be circumvented
    
    
    nuqneH,
    
    One of the most important reasons to use a firewall is to keep client bugs
    from being abused. It _is_ definitely a bug in FW-1.
    
    Jonah Kowall <jkowallat_private> said :
    
    > I don't consider this a bug in FW-1, but a bug in the products
    > Navigator and Internet Explorer.  These tags shouldn't be parsed, because
    > they are malformed.  The firewall is stripping tags properly, but since
    > these tags are malformed you can't expect the firewall to be able to
    > recognize them as valid tags.
    >
    >
    > -----Original Message-----
    > From: Arne Vidstrom [mailto:arne.vidstromat_private]
    > Sent: Saturday, January 29, 2000 8:52 AM
    > To: BUGTRAQat_private
    > Subject: "Strip Script Tags" in FW-1 can be circumvented
    >
    >
    > Hi all,
    >
    > The "Strip Script Tags" in FW-1 can be circumvented by adding an extra <
    > before the <SCRIPT> tag, as in this code:
    >
    > <HTML>
    > <HEAD>
    > <<SCRIPT LANGUAGE="JavaScript">
    > alert("hello world")
    > </SCRIPT>
    > </HEAD>
    > <BODY>
    > test
    > </BODY>
    > </HTML>
    >
    > This code will pass unchanged, and still execute in both Navigator and
    > Explorer. I tried this on version 3.0 of FW-1 (on Windows NT 4.0) but I'm
    > not able to check it on version 4.0 since I don't have access to it.
    >
    >
    > /Arne Vidstrom
    >
    > http://ntsecurity.nu
    >
    
                                         _     _  _  _  _      _  _
     {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
     (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
     [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
    
    
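    A reduced model of the two parsing behaviours the thread argues about, added here as an illustration and not code from the post or from FW-1: a stripper that treats everything from `<` to the next `>` as one tag and passes a "malformed" run through unchanged lets `<<SCRIPT` by, while a browser-style tokenizer (a `<` not followed by a tag name is plain text, and scanning resumes at the next character) removes the script element. The point for a filter author is that the stripper must be at least as lenient as the browsers behind it. SAMPLE is the HTML from Arne Vidstrom's message; the function names are my own.

```python
import re

# Constructed sample: the page from the original post, with the extra '<'
# in front of the <SCRIPT> tag.
SAMPLE = ('<HTML>\n<HEAD>\n<<SCRIPT LANGUAGE="JavaScript">\n'
          'alert("hello world")\n</SCRIPT>\n</HEAD>\n<BODY>\ntest\n'
          '</BODY>\n</HTML>\n')

TAG_NAME = re.compile(r'[A-Za-z][A-Za-z0-9]*')


def strip_script_strict(html):
    """Model of the filter the thread describes: a tag runs from '<' to the
    next '>'; a run with no tag name is 'malformed' and is passed through."""
    out, i, in_script = [], 0, False
    while i < len(html):
        if html[i] != '<':
            if not in_script:
                out.append(html[i])
            i += 1
            continue
        end = html.find('>', i) if '>' in html[i:] else len(html) - 1
        closing = html.startswith('</', i)
        m = TAG_NAME.match(html, i + (2 if closing else 1))
        if m and m.group(0).lower() == 'script':
            in_script = not closing          # drop the element and its body
        elif not in_script:
            out.append(html[i:end + 1])      # other or malformed tag: pass
        i = end + 1
    return ''.join(out)


def strip_script_lenient(html):
    """Browser-style tokenizing: a '<' not followed by '/' or a tag name is
    text and scanning resumes at the next char, so '<<SCRIPT' is '<' + tag."""
    out, i, in_script = [], 0, False
    while i < len(html):
        closing = html.startswith('</', i)
        m = html[i] == '<' and TAG_NAME.match(html, i + (2 if closing else 1))
        if not m:                            # ordinary text, or a stray '<'
            if not in_script:
                out.append(html[i])
            i += 1
            continue
        end = html.find('>', m.end()) if '>' in html[m.end():] else len(html) - 1
        if m.group(0).lower() == 'script':
            in_script = not closing
        elif not in_script:
            out.append(html[i:end + 1])
        i = end + 1
    return ''.join(out)
```

    Running both over SAMPLE shows the strict stripper returning the page with `<<SCRIPT` and the alert intact, and the lenient one returning it with only a stray `<` of text where the element was.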


