[7610] in bugtraq
Re: Eudora executes (Java) URL
daemon@ATHENA.MIT.EDU (Dominique Unruh)
Tue Aug 11 17:07:29 1998
Date: Tue, 11 Aug 1998 21:09:00 +0200
Reply-To: Dominique Unruh <dominique@UNRUH.DE>
From: Dominique Unruh <dominique@UNRUH.DE>
X-To: "John D. Hardin" <jhardin@wolfenet.com>
To: BUGTRAQ@NETSPACE.ORG
[From an anti-mail-exploit-procmail-filter-perl-script (see
http://www.wolfenet.com/~jhardin/procmail-security.html):]
> s/<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD/<BODY $1 DEFANGED-ONLOAD/gi;
This pattern will catch lines like
<body onload="badthings()">
converted to
<BODY DEFANGED-ONLOAD="badthings()">
but not
<body onload="badthings()" onload="badthings()">
converted to
<BODY onload="badthings()" DEFANGED-ONLOAD="badthings()">
So one onload=... will stay and act.
Also things like < body ... > won't be caught. I don't know if those
leading spaces are proper HTML, but even if not, one should not suppose
every bad HTML to be rejected.
DniQ.
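
The two gaps described in the message above, reproduced with a Python port of the quoted Perl substitution and set beside a stricter variant. This is an added example, not part of the original message or of the procmail filter; `defang_all`, `BODY_TAG` and `TOKEN` are hypothetical names, the sample inputs are constructed from the post, and the variant covers only `onload` on BODY tags that are closed with `>`.

```python
import re

# Python port of the Perl substitution quoted in the post (same pattern, /gi).
ORIGINAL = re.compile(r'<BODY\s+(([^">]+("(\\.|[^"])*")?)*)ONLOAD', re.I)

def defang_original(html):
    # One replacement per BODY tag: the greedy group skips earlier attributes,
    # so only the last ONLOAD in the tag is renamed.
    return ORIGINAL.sub(r'<BODY \1 DEFANGED-ONLOAD', html)

# Hypothetical stricter variant (assumption, not the filter's code):
# 1. locate each BODY tag, allowing whitespace between "<" and the tag name;
# 2. inside the tag, rename every onload attribute that is not in a quoted value.
BODY_TAG = re.compile(r'''<\s*body\b(?:[^"'>]|"[^"]*"|'[^']*')*>''', re.I)
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|(?<![\w-])onload(?=\s*=)''', re.I)

def defang_tag(match):
    def fix(tok):
        text = tok.group(0)
        # Quoted attribute values pass through untouched.
        return text if text[0] in '"\'' else 'DEFANGED-' + text.upper()
    return TOKEN.sub(fix, match.group(0))

def defang_all(html):
    return BODY_TAG.sub(defang_tag, html)

# Constructed samples taken from the cases named in the post.
SAMPLES = [
    '<body onload="badthings()">',
    '<body onload="badthings()" onload="badthings()">',
    '< body onload="badthings()">',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print('input   :', sample)
        print('original:', defang_original(sample))
        print('stricter:', defang_all(sample))
        print()
```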