De-Anonymizer (Script Bypassing)

Discussion in 'privacy problems' started by Paul Wilders, Apr 26, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands
    A technique allowing the bypassing of Anonymizer's SCRIPT filtering mechanism has been found. The technique would allow a malicious attackers to insert hostile JavaScript into their web pages and cause visiting users (even if they visit through Anonymizer) to execute it.

    The new technique utilizes a <SCR!PT> (NOTE: The letter I has been replaced with !) tag without a closing </SCRIPT> tag to fool Anonymizer into allowing an onError event to pass filters. This allows an attacker to execute JavaScript with obvious security breaches.

    Example (left out for security reasons - Forum Admin).

    source: securiteam


Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.