Bugtraq mailing list archives

Re: Bybass HTTP ( extension files ) in ISA 2004
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Sat, 15 Jul 2006 12:54:51 -0700

I cannot reproduce this on either ISA2004 or ISA2006.  Configuring the HTTP
filter to block file extensions functions as expected with or without the

You've probably misconfigured your firewall, or have some other issue.  Can
you please provide details on your configuration?


New Blackhat Vegas 2006 Training Offered!
ISA Ninjitsu: 
Designing, Building, and Maintaining Enterprise Firewall
and DMZ Topologies with Microsoft ISA Server 2004

On 7/15/06 7:47 AM, "medozero () yahoo com" <medozero () yahoo com> spoketh to

hi ppl, I just discovered a bug in Microsoft Internet Security and Acceleration
(ISA) Server which makes you able to bypass HTTP ( extension files ): just add #
to the end of the file extension

ex: www.site.com/file.zip#

that will make you bypass the filter rule if the admin prevents you from
downloading the extension zip

Copyright MedoZero 2006
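
Added example, not part of either message and not ISA Server's code (the thread does not describe how its HTTP filter matches extensions): a hypothetical extension check showing why a suffix match on the raw request string would miss `file.zip#`, next to a check that parses the URL first. The function names and the blocked list are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote
import posixpath

BLOCKED = {".zip", ".exe"}  # constructed sample policy


def naive_is_blocked(url, blocked=BLOCKED):
    """Suffix match on the raw request string; any trailing character defeats it."""
    return any(url.lower().endswith(ext) for ext in blocked)


def normalized_extension(url):
    """Return the lower-cased extension of the last path segment."""
    if "://" not in url:
        url = "http://" + url                # allow scheme-less input like the post's example
    path = unquote(urlsplit(url).path)       # urlsplit separates ?query and #fragment from the path
    segment = path.rsplit("/", 1)[-1]        # only the final segment names the file
    segment = segment.split(";", 1)[0]       # drop path parameters (;name=value)
    segment = segment.rstrip(". ")           # trailing dots/spaces are ignored by Windows file APIs
    return posixpath.splitext(segment)[1].lower()


def is_blocked(url, blocked=BLOCKED):
    """Decide on the parsed extension rather than on the raw string."""
    return normalized_extension(url) in blocked


if __name__ == "__main__":
    # Constructed sample requests; the second is the form given in the post.
    samples = [
        "www.site.com/file.zip",
        "www.site.com/file.zip#",
        "www.site.com/file.ZIP?x=1",
        "www.site.com/file%2Ezip",
        "www.site.com/file.zip.",
        "www.site.com/index.html#top",
    ]
    for url in samples:
        print(f"{url:32} naive={naive_is_blocked(url)!s:5} parsed={is_blocked(url)}")
```

Running the same comparison against a real filter's logs is a quick way to confirm whether a rule matches on the parsed path or on the raw request line.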
