[Snort-sigs] Bypassing rules with spaces in scripts
josephgama at ...144...
Wed Jul 21 17:24:14 EDT 2004
Thank you Adrian for the kind words. Just trying to
help the Open Source movement. :)
I realized that several rules that detect malicious
scripts are vulnerable to deception by using spaces or
playing with " and '.
Here are two examples:
will fail for < SCRIPT>
will fail for:
Using " and ' is also a problem:
there is no need for them some times:
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
More information about the Snort-sigs