-----BEGIN PGP SIGNED MESSAGE----- At 02.09 PM 7/4/96 -0400, you wrote:
On Wed, 3 Jul 1996, Mark Rogaski wrote:
I would assume that the filters look for regexp's in the query string, too. How about a nice little Nutscape plugin that uses a rot13'd query string?
Do you have a copy of that plugin? If it exists.
http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/
Hmmm, no bad words in the query string. Of course the filter package would start looking for rot13'd stuff in the next release. So the next logical step is to use the URL encrypted with the redirector's public key ... or better yet, a dynamically generated key. Just convert it to radix64 so as to avoid ?'s &'s or ='s, and use that as the query string.
The plug-in would only be necessary to generate the first request. Any URL preparation could be handled by passing the output of netcat through a stream filter before sending it to the client.
That "creative child" would have to be pretty damn smart to do what you described.
It would actually take less creativity to do the other things, bypass the config.sys, etc. The child would thus be perhaps a little TOO creative. :) =============================================================================== David Rosoff (nihongo o sukoshi dekiru) ----------------> drosoff@arc.unm.edu For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu 0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/ Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it. === === === === === === === === === === === === === === === === === === === === "Truth is stranger than fiction, especially when truth is being defined by the O.J. Simpson Defense Team." -Dave Barry -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMdxKohguzHDTdpL5AQEFIwQAuK9Ca8ImcDka9mYWht35h8NMSr2A/tfB zvusZ8P5HIEYTbQ8GyRDQ3R+X58+k2pQmaCnO66EtI83mrVs+J9C8B7LoobroZpO u2R0SnMMJVU6eQAnkABkgYaMLVamqEMG+n6qmk7NePjsawSBvOdtuH9dmccR1/Pi +sGpQvT6RvI= =vTir -----END PGP SIGNATURE-----