Malformed ASCII bypasses filters
Kurt Huwig just published a vulnerability in the way IE handles US-ASCII encoded content. It's a tricky flaw, and in a sense the real problem lies with Firefox and Opera for not sharing it: a filter that checks content against what those browsers render never sees the text the way IE does. The end result is that many forms of content filter will not be able to see the text at all when it is encoded this way (IE renders the byte 188, for example, as the open angle bracket, decimal 60, which is exactly the character most filters are looking for).
The proof of concept page shows the text "The Magic Words are Squeamish Ossifrage" (view it in Firefox and IE to see the difference). Pretty interesting implications for the AV and content filtering world. I'll be interested to see what the patches end up looking like when this is fixed.
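Below is an added example, not code from the original post or from Kurt Huwig's proof of concept, that models the bypass. It assumes, as a modelling choice, that IE in US-ASCII mode simply clears the high bit of every byte before interpreting the page (the post itself only reports that byte 188 becomes the angle bracket, decimal 60). The script payload, the naive filter and the normalizing filter are all constructed for illustration; a filter that normalizes the way the browser does catches what the byte-literal filter misses.

```python
# Added example (not from the original post): a model of the US-ASCII
# filter bypass. Assumption: IE in US-ASCII mode discards bit 7 of every
# byte before rendering, so 0xBC (188) is displayed as '<' (0x3C, 60).

# Constructed payload: '<' and '>' written as 0xBC / 0xBE, everything else
# plain 7-bit ASCII. Nothing in it is a literal '<' byte.
PAYLOAD = (bytes([0xBC]) + b"script" + bytes([0xBE])
           + b"alert(1)" + bytes([0xBC]) + b"/script" + bytes([0xBE]))


def naive_filter_flags(data: bytes) -> bool:
    """Content filter that only looks for the literal 7-bit '<' byte."""
    return b"<" in data


def ie_us_ascii_view(data: bytes) -> str:
    """Model of how IE renders a US-ASCII page: clear bit 7, then decode."""
    return bytes(b & 0x7F for b in data).decode("ascii")


def normalized_filter_flags(data: bytes) -> bool:
    """Filter that normalizes the same way the browser does before matching."""
    return "<" in ie_us_ascii_view(data)


def bytes_folding_to(char: str) -> list[int]:
    """All byte values that the high-bit model folds onto `char`, listed as
    decimal values in the style of the per-character enumeration the
    comments describe (for '<' this yields 60 and 188)."""
    target = ord(char)
    return [b for b in range(256) if (b & 0x7F) == target]


if __name__ == "__main__":
    print("naive filter flags payload:     ", naive_filter_flags(PAYLOAD))
    print("IE would render:                ", ie_us_ascii_view(PAYLOAD))
    print("normalized filter flags payload:", normalized_filter_flags(PAYLOAD))
    print("bytes that become '<':          ", bytes_folding_to("<"))
```

The point of `bytes_folding_to` is that a filter author should enumerate every byte the client will fold onto a dangerous character and match on the canonical form, rather than on the single byte the filter's own platform happens to render.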



June 21st, 2006 at 4:56 pm
[…] ha.ckers.org security lab - Archive » US-ASCII XSS part 2 « Malformed ASCII bypasses filters […]
June 23rd, 2006 at 8:34 am
[…] ha.ckers.org part 1 […]
August 29th, 2006 at 3:50 pm
[…] Where [CHAR] was an enumerating list of characters and [DECIMAL-CHAR] was the decimal representation of that character. I expected to only find 60 (the decimal representation of the open angle bracket) and the additional character 188 (the US-ASCII issue that Kurt Huwig found). Alas, there were far, far more vulnerable characters. Here's the list: […]