Wilders Security Forums  

Go Back   Wilders Security Forums > Privacy Related Topics > privacy problems
Reload this Page De-Anonymizer (Script Bypassing)
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old April 26th, 2002, 06:26 AM
Paul Wilders's Avatar
Paul Wilders Paul Wilders is offline
Administrator
  
Join Date: Jul 2001
Location: The Netherlands
Posts: 12,383
Default De-Anonymizer (Script Bypassing)
Summary
A technique allowing the bypassing of Anonymizer's SCRIPT filtering mechanism has been found. The technique would allow a malicious attackers to insert hostile JavaScript into their web pages and cause visiting users (even if they visit through Anonymizer) to execute it.


Details
The new technique utilizes a <SCR!PT> (NOTE: The letter I has been replaced with !) tag without a closing </SCRIPT> tag to fool Anonymizer into allowing an onError event to pass filters. This allows an attacker to execute JavaScript with obvious security breaches.

Example (left out for security reasons - Forum Admin).

source: securiteam

regards.

paul
__________________
01110010 01100101 01100111 01100001 01110010 01100100 01110011 00100000 01110000 01100001 01110101 01101100
 

Wilders Security Forums > Privacy Related Topics > privacy problems « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 05:14 PM.

Contact Us - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums