Bugtraq: Bybass HTTP ( extension files ) in ISA 2004

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Bybass HTTP ( extension files ) in ISA 2004

From: medozero () yahoo com
Date: 15 Jul 2006 14:47:18 -0000

hi ppl i just discover a bug in Microsoft Internet Security and Acceleration (ISA) Server which make you able to Bybass 
HTTP ( extension files ) just add # to the end of the file extension
ex: www.site.com/file.zip#
that will make you bybass the filter rule if the admin prevent you from downlaoding the extension zip
Copyright MedoZero 2006

By Date By Thread

Current thread:

Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 15)
- Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 17)
- <Possible follow-ups>
- RE: Bybass HTTP ( extension files ) in ISA 2004 Edward Tripovich (Jul 17)
- Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)
  - Re: Bybass HTTP ( extension files ) in ISA 2004 Thor (Hammer of God) (Jul 19)
- Re: Bybass HTTP ( extension files ) in ISA 2004 medozero (Jul 18)