On 2002-09-18, 16:07:13 (+0200), Andrew wrote:
>
> telnet   Windows 2000 telnet attempts NTLM authentication (or at
>          least, it did). Network sniffs can be fed to a
>          password cracking program.
> about    Don't know what this will be doing in mail, and
>          there's some scripting possibilities ..
"about" is already on the list... I don't see the security implications
of telnet though. How can offering a telnet link be dangerous?
> And this?
>
> opera    Opera seems to support its own kind of about
>          thingy you can do opera:cache - I don't know if
>          that's good for anything legitimate.
That definitely goes on the list.
> BUT! why not just block everything that's not included with the
> message (although that's quite bad too, come to think of it :)
:-) That would have to be configurable...
> On an unrelated note, I see that there are a few things that are
> rumoured to be scriptable, some of which get past Anomy's
> sanitizer -- particularly img dynsrc=xxx - selected from an old
> bugtraq post ...
Um, no, dynsrc= is handled just like src=, follows the same rules.
Definitely not scriptable in any recent versions of the Sanitizer.
> http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00116.html
>
> <input type="image" dynsrc="javascript:[code]"> [IE]
Already blocked.
> <img src=&{[code]};> [N4]
> <img src="mocha:[code]"> [N4]
Fixed in CVS...
> <img src="blah"onmouseover="[code]">
> <img src="blah>" onmouseover="[code]">
> &{[code]}; [N4]
I'm gonna have to look into these... :-)
I agree that the most worrying is the "blah>" exploit. That one
indicates that my parser is broken, and could take some
head-scratching to fix. Bugger.
-- 
Bjarni R. Einarsson  PGP: 02764305, B7A3AB89
53999@xyz.molar.is -><- http://bre.klaki.net/
Check out my open-source email sanitizer: http://mailtools.anomy.net/
Spammers, please send plenty of email to: 54082@xyz.molar.is
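
Added example, not part of the original message and not the Anomy Sanitizer's code: a Python sketch of why the two onmouseover test cases above defeat a scanner that ends a tag at the first '>' or expects whitespace between attributes, next to a quote-aware scanner that re-emits each tag from parsed tokens. All function names are hypothetical; it handles element tags only (no comments, no &{...}; entities).

```python
import re

NAIVE_TAG = re.compile(r'<[^>]*>')  # wrong: stops at the first '>', even inside quotes
# Attribute name, then optional =value (quoted or bare); no whitespace needed between attributes.
ATTR = re.compile(r'''([^\s"'=<>/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?''')

def naive_tags(html):
    """Tag boundaries as a first-'>' scanner sees them."""
    return NAIVE_TAG.findall(html)

def find_tag_end(html, start):
    """Index just past the '>' that closes the tag at html[start], skipping quoted values."""
    quote = None
    for i in range(start + 1, len(html)):
        c = html[i]
        if quote:
            if c == quote:
                quote = None
        elif c in '"\'':
            quote = c
        elif c == '>':
            return i + 1
    return len(html)  # unterminated tag: swallow the rest rather than pass it on as text

def rebuild_tag(tag):
    """Re-emit a tag from its parsed tokens, dropping on* event-handler attributes."""
    body = tag[1:-1] if tag.endswith('>') else tag[1:]
    slash = '/' if body.lstrip().startswith('/') else ''
    tokens = ATTR.findall(body)
    if not tokens:
        return ''
    parts = [slash + tokens[0][0]]
    for name, value in tokens[1:]:
        if name.lower().startswith('on'):
            continue
        if value[:1] in ('"', "'"):
            value = value[1:-1]
        value = value.replace('"', '&quot;').replace('<', '&lt;').replace('>', '&gt;')
        parts.append(f'{name}="{value}"' if value else name)
    return '<' + ' '.join(parts) + '>'

def sanitize(html):
    out, pos = [], 0
    while (lt := html.find('<', pos)) >= 0:
        out.append(html[pos:lt])
        pos = find_tag_end(html, lt)
        out.append(rebuild_tag(html[lt:pos]))
    return ''.join(out + [html[pos:]])
```

Re-emitting the tag from tokens, rather than passing the original bytes through, means the output can only contain what the parser understood.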