RE: Script Injections

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 23 Feb 2005 08:45:32 -0600

Hey Jim,

Also, I'd reconsider allowing access to sites that are poorly coded. It's
sort of the tip of the iceberg and who knows what else is going on under
the hood.


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Wednesday, February 23, 2005 8:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections

http://www.ISAserver.org

Sorry Rob,

Work got the better of me yesterday.
I have a sorta-list that I and another guy assemble to "educate" one
customer.
I'll dig up the mails and summarize it today.

Alternatively, you can edit that filter to trigger on <Xcript instead...
..unfortunately, that's only one of literally dozens of "tag attacks".

-----Original Message-----
From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Wednesday, February 23, 2005 6:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections

http://www.ISAserver.org

Hey Jim--
 
Any chance you've had a mo to find these RFCs? I've been looking for
them myself with no luck. If you could even just point me to the right
place, that would be great.
 
Thanks,
Rob

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Tuesday, February 22, 2005 12:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections

http://www.ISAserver.org

I literally hate these jerks that think adding XML or HTTP tags to a
query is valid web site programming!

The fact is, this is the most basic form of script injection.

I have some RFCs that give valid URL syntax - I'll fwd them later...

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------

________________________________

From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Tuesday, February 22, 2005 08:45
To: [ISAserver.org Discussion List]
Subject: [isalist] Script Injections

http://www.ISAserver.org

Hi all--

Some time back I used Jim Harrison's VBS script to block script
injections (the StartOfTag (<) and EndOfTag (>) things). I've run into a
couple of legitimate websites that are now blocked by our firewall. Are
there legitimate reasons an HTML programmer would use these tags? I'd
like to at least sound educated when I contact the website folks to tell
them why I'm blocking them.

Thanks, 
Rob 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
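The whole thread turns on one question: what should a URL-inspection filter on the proxy actually match? Rob's signatures fire on any raw < or >, Jim suggests matching the script tag instead but warns that this is only one of dozens of "tag attacks", and the RFCs he mentions define which characters a URL may carry unencoded. The Python below is an added example written for this page; it is not Jim Harrison's VBS script and not ISA Server's HTTP filter, and the three rules, the host shop.example and the sample URLs are constructed for illustration. It checks each URL against the RFC 3986 character set (RFC 2396, the spec in force when the thread was written, lists "<" and ">" explicitly as excluded delimiters), percent-decodes before matching, and compares what the three rules catch.

```python
"""
Added example, not code from the ISAserver.org thread or from ISA Server.

1. Per RFC 3986 section 2, the only characters a URL may carry unencoded are
   unreserved (ALPHA DIGIT - . _ ~), reserved (: / ? # [ ] @ ! $ & ' ( ) * + , ; =)
   and the '%' of a percent-encoded byte. A raw '<' or '>' is never conformant;
   a site that needs one in a query string must send %3C / %3E.
2. A signature that fires only on "<script" misses most tag-based payloads, and
   any signature applied to the raw request text misses encoded variants.
"""
import re
from urllib.parse import unquote

ALLOWED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
              "-._~:/?#[]@!$&'()*+,;=%")


def rfc3986_violations(url):
    """Return the set of characters in url that RFC 3986 does not allow raw."""
    return {c for c in url if c not in ALLOWED}


def normalise(url, rounds=3):
    """Percent-decode repeatedly, with a bound, so %3C and %253C both become '<'."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


# Rule A (illustrative): any tag delimiter, like the StartOfTag/EndOfTag signatures.
TAG_DELIM = re.compile(r"[<>]")
# Rule B (illustrative): only the script tag, the narrower match suggested in the thread.
SCRIPT_TAG = re.compile(r"<\s*script", re.IGNORECASE)
# Rule C (illustrative): tags that load or run code, or any tag with an on* handler.
TAG_ATTACK = re.compile(
    r"<\s*(script|iframe|object|embed|meta|link|style|base)\b"
    r"|<\s*[a-z][^>]*\son[a-z]+\s*=",
    re.IGNORECASE)


def classify(url):
    """Decode the URL, then report which of the three rules would fire on it."""
    decoded = normalise(url)
    return decoded, {
        "any_tag_delim": bool(TAG_DELIM.search(decoded)),
        "script_only": bool(SCRIPT_TAG.search(decoded)),
        "tag_attack": bool(TAG_ATTACK.search(decoded)),
    }


# Constructed sample requests against a hypothetical host; not taken from the thread.
SAMPLES = [
    "http://shop.example/search?q=shoes",                                # clean
    "http://shop.example/search?q=<b>sale</b>",                          # sloppy markup, not hostile
    "http://shop.example/search?q=<script>alert(1)</script>",            # classic injection
    "http://shop.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E",   # encoded once
    "http://shop.example/search?q=%253Cscript%253E",                     # encoded twice
    "http://shop.example/search?q=<img src=x onerror=alert(1)>",         # no script tag at all
    "http://shop.example/search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E",
]


def report():
    """Run every sample through the RFC check and the three rules."""
    rows = []
    for url in SAMPLES:
        violations = "".join(sorted(rfc3986_violations(url)))
        decoded, hits = classify(url)
        rows.append((url, violations, decoded, hits))
    return rows


if __name__ == "__main__":
    for url, violations, decoded, hits in report():
        print(url)
        print(f"  raw chars outside RFC 3986: {violations!r}")
        print(f"  decoded: {decoded}")
        print(f"  {hits}")
```

Two things fall out of the run. A raw < or > is never RFC-conformant, which gives Rob a standards answer for the site owners, but the last sample passes the RFC check with no violations and is still an attack once decoded, so syntax validation is no substitute for decoding and inspecting. And the script-only rule lets the img onerror payload through entirely, which is Jim's point about tag attacks. Keep the decode loop bounded, as here, so a request stuffed with nested %25 sequences cannot make the filter spin.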
