Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Bybass HTTP ( extension files ) in ISA 2004
From: "Edward Tripovich" <edward.tripovich () hotmail com>
Date: Mon, 17 Jul 2006 19:33:05 +0200

Tested this on ISA 2004. I cannot reproduce this. The ISA server blocks a given extension, with or without the # at the end of the file extension.

Special config maybe?

Edward

medozero () yahoo com schreef:
hi ppl i just discover a bug in Microsoft Internet Security and Acceleration (ISA) Server which make you able to Bybass HTTP ( extension files ) just add # to the end of the file extension
ex: www.site.com/file.zip#
that will make you bybass the filter rule if the admin prevent you from downlaoding the extension zip
Copyright MedoZero 2006



_________________________________________________________________
Bellen met Messenger? Download nu Windows Live Messenger beta! http://imagine-msn.com/messenger/launch80/default.aspx?locale=nl-nl


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]