Amit Klein was kind enough to point out that the ASP.NET filter evasion issue is actually a known issue. It was first pointed out in 2004! According to that post: "We have decided that a KB article and update to tools and/or best practice guidelines should be done for this, and will be as time permits. We are not tracking this case as a security bulletin" - Microsoft
UPDATED 05/21/07 by Robert
> = %uff1E
< = %uff1c
Brackets ONLY Encoded: %uff1cscript%uff1Ealert(document.cookie)%uff1c/script%uff1E
Full Encoded: %uff1cscript%uff1Ealert%uFF08document%uff0ecookie%uff09%uff1c/script%uff1E
More updates will be posted here as they are discovered.
Posted 05/21/07 by Robert
A new Unicode encoding bypass has been discovered that will potentially leave dozens of popular applications vulnerable. At this time, vendors such as 3Com, ISS, TippingPoint, Snort, and Cisco have released advisories. From CERT:
"Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system."
CERT is still investigating the impact at this time; however, it is very possible that other major products are also affected. The products most likely affected are Intrusion Detection/Prevention Systems, and maybe Application Servers/Web Proxies/Servers. The original advisory, released by Fatih Ozavci and Caglar Cakici, can be found at http://www.gamasec.net/english/gs07-01.html (currently down).
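For defenders, the gap CERT describes can be reproduced with the two encoded strings listed in the update above: a rule matched against the raw request misses them, while the same rule matched after decoding and Unicode compatibility normalization does not. This is an added example, not code from the advisory or from any vendor; `SIGNATURE` and the function names are hypothetical.

```python
import re
import unicodedata
from urllib.parse import unquote

# Non-standard %uXXXX escapes, the form used in the strings on this page.
PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")
# Constructed, deliberately simple rule standing in for a scanner signature.
SIGNATURE = re.compile(r"<\s*script", re.IGNORECASE)

# The two encoded strings listed on this page, plus a constructed plain one.
SAMPLES = {
    "plain": "<script>alert(document.cookie)</script>",
    "brackets_only": "%uff1cscript%uff1Ealert(document.cookie)%uff1c/script%uff1E",
    "full": "%uff1cscript%uff1Ealert%uFF08document%uff0ecookie%uff09%uff1c/script%uff1E",
}


def decode_pct_u(value):
    """Decode %uXXXX escapes, then ordinary %XX escapes."""
    value = PCT_U.sub(lambda m: chr(int(m.group(1), 16)), value)
    return unquote(value)


def canonicalize(value):
    """Decode, then fold full-width/half-width forms with NFKC.

    NFKC maps the full-width variants U+FF01..U+FF5E onto ASCII U+0021..U+007E.
    """
    return unicodedata.normalize("NFKC", decode_pct_u(value))


def naive_scan(raw):
    """Match the signature against the request text exactly as received."""
    return bool(SIGNATURE.search(raw))


def canonical_scan(raw):
    """Match the signature after decoding and compatibility normalization."""
    return bool(SIGNATURE.search(canonicalize(raw)))


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, naive_scan(raw), canonical_scan(raw), canonicalize(raw))
```

NFKC rewrites other compatibility characters as well, so the normalized form is for matching only and should not replace the value handed on to the application.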