Messing with Web Filtering Gateways

Most of us are familiar with several techniques that allow us to bypass web filtering gateways like CS MIMESweeper.

The following are some of them:

access the desired site via IP address rather than domain name
access cached content rather than live data, e.g. using Google’s cache: command
using proxies, e.g. anonymouse, Google translator, etc.
using alternative connections. [...]

The new dawn of filter evasion

This article is about the most important phase when attacking web applications: the phase in which the markup has just been broken and the attacker will try to inject his own markup, script code or other data. Let’s call it the PMBP (post-markup-breaking-phase). This phase typically becomes possible when quotes aren’t correctly sanitized or when input is placed between two tags. In this article we will focus on the first variant, attribute injection. [...]

