[13640] in bugtraq
Re: "Strip Script Tags" in FW-1 can be circumvented
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Bj=F8rnar_B=2E_Lars)
Tue Feb 1 17:39:26 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <50325BA28B01D211A57F00805FB7FC250272F8D6@mail>
Date: Tue, 1 Feb 2000 11:10:09 +0100
Reply-To: =?iso-8859-1?Q?Bj=F8rnar_B=2E_Larsen?= <bbl@AVENIR.NO>
From: =?iso-8859-1?Q?Bj=F8rnar_B=2E_Larsen?= <bbl@AVENIR.NO>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
Arne Vidstrøm wrote:
> The "Strip Script Tags" in FW-1 can be circumvented by adding
> an extra <
> before the <SCRIPT> tag
(.......)
> I'm not able to check it on version 4.0 since
> I don't have access to it.
I've tried this on FW-1 version 4.0 SP4, on NT4 and it strips the code as
it's supposed to do. That is,
<<SCRIPT LANGUAGE="JavaScript">
is altered into
<<SCRIP! LANGUAGE="JavaScript">
which the browsers will disregard. It's a bit silly that the alert("hello
world") isn't cut away, though, so "< alert("hello world") test" is what
your page looks like in web-browsers.
Regards,
:) Bjørnar
