[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
-----BEGIN PGP SIGNED MESSAGE-----
An entity claiming to be David Rosoff wrote:
:
: I've wondered .. could a creative child circumvent these filter programs
: using a URL-redirecter, like where you see something like
: http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
: or are they not URL-based?
I would assume that the filters look for regexp's in the query string, too.
How about a nice little Nutscape plugin that uses a rot13'd query string?
http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/
Hmmm, no bad words in the query string. Of course the filter package would
start looking for rot13'd stuff in the next release. So the next logical
step is to use the URL encrypted with the redirector's public key ... or
better yet, a dynamically generated key. Just convert it to radix64 so
as to avoid ?'s &'s or ='s, and use that as the query string.
The plug-in would only be necessary to generate the first request. Any
URL preparation could be handled by passing the output of netcat through
a stream filter before sending it to the client.
Now, if I can get the time, maybe I will write a nice little redirector
to do this. (hehehehehehe ... right ... get the time ... good one)
mark
- --
Mark Rogaski | Why read when you can just sit and | Member
GTI System Admin | stare at things? | Programmers Local
[email protected] | Any expressed opinions are my own | # 0xfffe
[email protected] | unless they can get me in trouble. | APL-CPIO
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMdrXDQ0HmAyu61cJAQEZXwP/bSI1tqQH/BCXXWPHhIp9Waq/A22ozyKf
W0iL3zveQWbmirXd5RYtxoo+v8jTFmv+SOIUKrI+n7WKTmFoj1TtzMf8zTYTz/KW
aZ2NK/PddgSqq4mjQEaxufMqvbG8lE/+Cu6GePo8UkFmkd7hSnNQA5sVv/kaTD47
5xVQCwkEwnc=
=traT
-----END PGP SIGNATURE-----