The attacker uses an alternate form of a keyword or command that results
in the same action as the primary form but which may not be caught by
filters. For example, many keywords are processed in a case-insensitive
manner. If the site's web filtering algorithm does not convert all tags into
a consistent case before comparing them with forbidden keywords, it is
possible to bypass the filter by using an alternate case structure. For
example, the "script" tag written in the alternate forms "Script" or "ScRiPt"
may bypass filters that test only for the exact spelling "script". Other
variants using different syntax representations are also possible. The attack
can result in the execution of otherwise prohibited functionality.
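The case-folding weakness described above, shown from the filter's side as an added example (not part of the CAPEC entry): a check that tests only the lowercase spelling misses the "Script" and "ScRiPt" variants, while canonicalizing first (or letting an HTML parser lowercase tag names) catches them. The sample fragments are constructed for the demonstration, and output encoding is shown as the mitigation that does not depend on spelling at all.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs: the primary form plus the case variants from the text.
SAMPLES = [
    "<script>alert(1)</script>",
    "<Script>alert(1)</Script>",
    "<ScRiPt>alert(1)</ScRiPt>",
]


def naive_filter(fragment: str) -> bool:
    """Weak check: compares against one spelling only, so other casings slip through."""
    return "<script" in fragment


def normalized_filter(fragment: str) -> bool:
    """Canonicalize before comparing: HTML tag names are case-insensitive, so fold case first."""
    return "<script" in fragment.lower()


class _TagCollector(HTMLParser):
    """Collects start-tag names; html.parser already lowercases them for us."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        self.tags.append(tag)


def parser_filter(fragment: str) -> bool:
    """Decide on parsed tag names rather than raw substrings, so casing cannot matter."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return "script" in collector.tags


def missed_by(check, samples: list[str]) -> list[str]:
    """Return the samples a given check fails to flag; useful for regression-testing a filter."""
    return [s for s in samples if not check(s)]


def render_untrusted(fragment: str) -> str:
    """Preferred mitigation: encode for the HTML text context instead of blocklisting keywords,
    so no spelling of any tag is interpreted as markup."""
    return html.escape(fragment, quote=True)
```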
Attack Prerequisites
The target web site must not adequately filter alternate syntax in web
input.
Resources Required
The attacker must trick the victim into following a crafted link to a
vulnerable server or into viewing a web post where the dangerous commands are executed.
MHonArc 2.5.2 and earlier does not properly filter Javascript from
archived e-mail messages, which could allow remote attackers to execute
script in web clients by (1) splitting the SCRIPT tag into smaller
pieces, (2) including the script in a SRC argument to an IMG tag, or (3)
using "&={script}" syntax.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.