has anyone tried the longip equivalent for the host? (for the few what dont
know longip, try //echo -a $longip(123.45.67.89) in mIRC ) ... its a rather
old spammer trick.. disguising the urls like http://43243234432/%43%76%32
Sincerely
Knud Erik Højgaard <knud_at_cybercity.dk>
Cybercity Support <support_at_cybercity.dk>
http://www.cybercity.dk/support/
----- Original Message -----
From: Kevin R Smith <Kevin.Smith_at_FIRSTDATACORP.CO.UK>
To: <BUGTRAQ_at_SECURITYFOCUS.COM>
Sent: Wednesday, July 05, 2000 1:23 PM
Subject: Novell BorderManager 3.0 EE - Encoded URL rule bypass
> I suspect that this has already been defined, but I cannot find any
reference to it.
>
> Setting secure areas on an intranet secured by URL rules within
bordermanager can be bypassed by changing some of the characters in the URL
with %-encoded triplets. To access http://home.myintranet.com/secure use
http://home.myintranet.com/s%45cure
>
> It doesn't work for characters in the main domain name, nut sub-folders
seem to work ok.
>
> I haven't seen any mention of this in any TIDs or service packs for BM, so
I assume the fault carries over into version 3.5?
>
>
> Regards,
> Kevin R Smith
Received on Jul 06 2000
Intro
