Home page logo

bugtraq logo Bugtraq mailing list archives

RE: Bybass HTTP ( extension files ) in ISA 2004
From: "Edward Tripovich" <edward.tripovich () hotmail com>
Date: Mon, 17 Jul 2006 19:33:05 +0200

Tested this on ISA 2004. I cannot reproduce this. The ISA server blocks a given extension, with or without the # at the end of the file extension.

Special config maybe?


medozero () yahoo com schreef:
hi ppl i just discover a bug in Microsoft Internet Security and Acceleration (ISA) Server which make you able to Bybass HTTP ( extension files ) just add # to the end of the file extension
ex: www.site.com/file.zip#
that will make you bybass the filter rule if the admin prevent you from downlaoding the extension zip
Copyright MedoZero 2006

Bellen met Messenger? Download nu Windows Live Messenger beta! http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]