De-Anonymizer (Script Bypassing)


Paul Wilders
April 26th, 2002, 06:26 AM
Summary
A technique allowing the bypassing of Anonymizer's SCRIPT filtering mechanism has been found. The technique would allow malicious attackers to insert hostile JavaScript into their web pages and cause visiting users (even if they visit through Anonymizer) to execute it.


Details
The new technique utilizes a <SCR!PT> (NOTE: The letter I has been replaced with !) tag without a closing </SCRIPT> tag to fool Anonymizer into allowing an onError event to pass filters. This allows an attacker to execute JavaScript with obvious security breaches.

Example (left out for security reasons - Forum Admin).

source: securiteam

regards.

paul
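
A fail-closed filter for the two things the post names, script elements and on* event attributes, added here as an example; it is not code from the original post, SecuriTeam or Anonymizer. The names `ScriptStrippingFilter` and `filter_page` and the sample markup are constructed, and it assumes the rewriting proxy can re-serialise the page from a tokenizer instead of pattern-matching paired tags.

```python
from html import escape
from html.parser import HTMLParser


class ScriptStrippingFilter(HTMLParser):
    """Re-serialises a page without <script> elements or on* handlers."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        # Set by any <script> start tag; only a real </script> clears it,
        # so an unclosed tag suppresses output to end of input (fail closed).
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":          # tag names arrive lower-cased
            self.in_script = True
            return
        if self.in_script:
            return
        kept = [tag]
        for name, value in attrs:    # attribute names arrive lower-cased
            if name.startswith("on"):    # onerror, onload, onclick, ...
                continue
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(kept) + ">")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        elif not self.in_script:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))
    # Comments and declarations are not overridden, so they are dropped.


def filter_page(html):
    """Return html with script elements and event-handler attributes removed."""
    f = ScriptStrippingFilter()
    f.feed(html)
    f.close()
    return "".join(f.out)


# Constructed sample: unclosed script tag followed by an onError attribute.
SAMPLE = '<p>a</p><SCRIPT><img src="a.png" onError="probe()"><p>b</p>'
```

Everything after the unclosed tag is discarded, so the decision never depends on finding a matching `</SCRIPT>`. A production sanitizer would also need an allowlist of tags, attributes and URL schemes, which this example does not cover.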