SECURITYVULNS:DOC:2666
Mar 25, 2002 - 12:00 a.m.

One more way to bypass NAV

Dear [email protected],

I've updated the "Bypassing content filtering software" whitepaper
http://www.security.nnov.ru/advisories/content.asp to include a new way to
bypass content filtering software. It is confirmed to work with NAV and not
to work with McAfee and KAV (AVP).

Symantec was contacted via [email protected] and
[email protected] and didn't reply.

13. Case sensitivity of Content-Type and Content-Disposition

Most MUAs ignore the case of Content-Type and Content-Disposition headers
while content filtering software may behave in a different way. It makes
it possible to bypass content-filtering software by using a header like

      CONTENT-type: text/plain;
            NAme="eicar.com"

P.S. thanks to everyone on vuln-dev who participated in testing.


http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
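
An added example, not part of the original post: the mismatch from item 13 seen from the filter's side, comparing case-sensitive header matching with the case-insensitive parsing a filter needs in order to see what the MUA sees. The sample message, the function names and the `BLOCKED_EXT` policy are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the header form quoted in the post, in a minimal message.
SAMPLE = (
    "From: sender@example.com\n"
    "To: rcpt@example.com\n"
    "Subject: test\n"
    "MIME-Version: 1.0\n"
    "CONTENT-type: text/plain;\n"
    '      NAme="eicar.com"\n'
    "\n"
    "body\n"
)

BLOCKED_EXT = (".com", ".exe", ".scr", ".pif", ".bat")  # hypothetical policy


def naive_names(raw):
    """Case-sensitive matching: the behaviour that lets the header slip past."""
    names = []
    # Match the header line plus any folded continuation lines, exact case only.
    pattern = r'^Content-(?:Type|Disposition):.*(?:\n[ \t].*)*'
    for m in re.finditer(pattern, raw, re.M):
        names += re.findall(r'\b(?:file)?name="([^"]*)"', m.group(0))
    return names


def normalized_names(raw):
    """Header and parameter names compared case-insensitively, as MUAs do."""
    msg = message_from_string(raw)
    # get_filename() reads Content-Disposition filename, then Content-Type name,
    # and the email package ignores case for both header and parameter names.
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def is_blocked(names):
    """Apply the extension policy to the declared attachment names."""
    return any(n.lower().endswith(BLOCKED_EXT) for n in names)


if __name__ == "__main__":
    for extract in (naive_names, normalized_names):
        found = extract(SAMPLE)
        print(extract.__name__, found, "blocked" if is_blocked(found) else "passed")
```
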